bug: Can't deleteUser() due to auth/requires-recent-login

[maxbarry]

Plugin(s)

• Analytics
• App
• App Check
• Authentication
• Crashlytics
• Cloud Firestore
• Cloud Messaging
• Cloud Storage
• Performance
• Remote Config

Version

5.3.0

Platform(s)

• Android
• iOS
• Web

Current behavior

I implemented deleteUser() (thanks #281!) but if the user's most recent login is more than 5 minutes ago, the operation is rejected by Firebase with the error auth/requires-recent-login.

In this situation, the Firebase docs say to use reauthenticateWithCredential(), however, this function is unavailable.

Expected behavior

I hope for a way to ask the user to re-authenticate in-place. Otherwise I think I'd have to log them out, which resets all app state, then get them to log back in, navigate back to the delete account page, and re-try within 5 minutes.

Reproduction

n/a

Steps to reproduce

export async function deleteUser() {
    try {
        await FirebaseAuthentication.deleteUser()
    } catch (err) {
        //
        // If 'err' is `auth/requires-recent-login`, Firebase docs say to try something like the below:
        //
        const auth = getFirebaseAuth()      // my function for generating auth.currentUser
        const credential = getCredential()  // my function for generating credential

        // THIS FAILS, because the function does not exist
        await FirebaseAuthentication.reauthenticateWithCredential(auth.currentUser, credential)  

        await FirebaseAuthentication.deleteUser()      // retry
    }
}


### Other information

Error: "FirebaseAuthentication.reauthenticateWithCredential()" is not implemented on web

### Capacitor doctor

💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 5.6.0
  @capacitor/core: 5.6.0
  @capacitor/android: 5.6.0
  @capacitor/ios: 5.6.0

Installed Dependencies:

  @capacitor/cli: 5.6.0
  @capacitor/core: 5.6.0
  @capacitor/ios: 5.6.0
  @capacitor/android: 5.6.0

### Before submitting

- [X] I have read and followed the [bug report guidelines](https://capawesome.io/contributing/bug-reports/).
- [X] I have attached links to possibly related issues and discussions.
- [X] I understand that incomplete issues (e.g. without reproduction) are closed.

[robingenz]

Thank you for your request! This method definitely missing. I will take a look. On the web, you can already solve the problem by calling the Firebase JS SDK directly. There is only no workaround with the Firebase Android and iOS SDK.

[robingenz]

BTW: I'm currently showing my users the following message:

This operation is sensitive and requires recent authentication. Sign in again before retrying this request.

[waltercruz]

Maybe this is not the right place, but I will add a quick note:

According to App Store Review Guidelines, an application that provides login with apple needs to provide the delete user account and revoke the Access Token.

Maybe capacitor firebase should help with the last one too? (not so sure, hence I'm asking).

https://firebase.google.com/docs/auth/web/apple#token-revocation

[robingenz]

@waltercruz Yes, we should add this method. Please create a feature request.