createSessionCookie does not work with tenants [204377229]

Fixed

Bug

Status Update

No update yet.

Description

sc...@huvrdata.com

created issue #1

Oct 28, 2021 03:19PM

Problem you have encountered:

When trying to create a session cookie for a tenant. The API returns:

Error while calling Auth service (UNSUPPORTED_TENANT_OPERATION).

This is the message for the Python client library.

Here is the documented API we are calling: https://cloud.google.com/identity-platform/docs/reference/rest/v1/projects/createSessionCookie

What you expected to happen: The API should return a cookie.

Steps to reproduce:

Setup Identity Platform
Add a tenant
Get a valid id token (for the tenant)
Request a session cookie

Other information (workarounds you have tried, documentation consulted, etc):

There is an issue on the client library, but it appears the backend is failing even if you send the correct payload. We are using the Client Library with a work around for this issue.

https://github.com/firebase/firebase-admin-python/issues/577

Comments

gu...@google.com <gu...@google.com> #2Oct 28, 2021 09:34PM

Assigned to gc...@google.com.

Hi,

Thanks for contacting Google Support Team,

This issue was reported before and engineering team is already working on this issue, However there is not an ETA yet.

All the updates will be posted here. Please feel free to add any questions or additional information.

External link to get more details UNSUPPORTED_TENANT_OPERATION

Thanks and regards

Google Support Team

co...@andreagiardini.com <co...@andreagiardini.com> #3Feb 14, 2022 10:11AM

Do you have any updates about this issue? An approximate ETA would be helpful.

Andrea

sc...@huvrdata.com <sc...@huvrdata.com> #4Feb 16, 2022 03:52PM

Any update on this issue?

ma...@fourthwall.com <ma...@fourthwall.com> #5Feb 18, 2022 06:48AM

I am experiencing the same issue using firebase-admin java 8.1.0 client

also tried testing it using both https://cloud.google.com/identity-platform/docs/reference/rest/v1/projects/createSessionCookie
and https://cloud.google.com/identity-platform/docs/reference/rest/v1/projects.tenants/createSessionCookie

in all cases I am getting

{
  "error": {
    "code": 400,
    "message": "UNSUPPORTED_TENANT_OPERATION",
    "errors": [
      {
        "message": "UNSUPPORTED_TENANT_OPERATION",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

ry...@gmail.com <ry...@gmail.com> #6Mar 18, 2022 05:22PM

Hi there. I'm also running into this issue. From the Node.js docs it looks like this exists , but I get an error from this API about it not existing for multi tenants.

FirebaseAuthError: This operation is not supported in a multi-tenant context.
errorInfo: {
    code: 'auth/unsupported-tenant-operation',
    message: 'This operation is not supported in a multi-tenant context.'
},
codePrefix: 'auth'

https://firebase.google.com/docs/reference/admin/node/firebase-admin.auth.tenantawareauth

Message last modified on Mar 18, 2022 05:22PM

to...@google.com <to...@google.com> #7Apr 11, 2022 07:43PM

Marked as fixed.

Hello,

I'm closing this Public Issue Tracker as the internal issue has been marked as fixed. If you believe this is an error please open a new PIT making reference to this one for better tracking.

For Googlers: Please refer to the internal issue if you need further clarification.

Regards.

Issue 204377229