Cannot read property 'code' of undefined, Decoding Firebase ID token failed

Question

I intermittently get this error on about 5% of requests, and I am not sure why. It seems to work most of the time, but I'd like to get it to 100%.

{"name":"myapp","hostname":"worker-844ddfbc9f-ntlmz","pid":18,"level":50,
"err":"[Throws: Cannot read property 'code' of undefined]",
"msg":"Context creation failed: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.",
"time":"2020-02-12T02:16:33.538Z","v":0}
TypeError: Cannot read property 'code' of undefined
    at FirebaseAuthError.get [as code] (/app/node_modules/firebase-admin/lib/utils/error.js:51:35)
    at FirebaseAuthError.FirebaseError.toJSON (/app/node_modules/firebase-admin/lib/utils/error.js:67:24)
    at JSON.stringify (<anonymous>)
    at prettyJSONStringify (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:257:17)
    at throwHttpGraphQLError (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:26:42)
    at Object.<anonymous> (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:66:28)
    at Generator.next (<anonymous>)
    at fulfilled (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:4:58)
    at process._tickCallback (internal/process/next_tick.js:68:7)

client

const authLink = setContext(async (_, { headers }) => {
    let token;
    if (firebase.auth().currentUser) {
        token = await firebase.auth().currentUser.getIdToken();
    }
    return {
        headers: {
            ...headers,
            authorization: `Bearer ${token}`,
        },
    };
});

server

            let token = req.headers.authorization;

            if (!token || !token.length) {
                console.log('no token');
            }

            token = token.split('Bearer ')[1];

            // validate JWT and pluck user id
            const { uid } = await firebase.auth().verifyIdToken(token);

            // find the user based on id
            const user = await firebase.auth().getUser(uid);

Answer 1

Your client code will result an authorization header of Bearer undefined if the firebase.auth().currentUser is falsey. This authorization header will not cause no token to be logged in the server code (its length is 16). The server code will then fail when running firebase.auth().verifyIdToken('undefined').

You need to either prevent the client from sending the request if firebase.auth().currentUser is falsey or catch the undefined token in the server code.

Note: using an undefined variable in a template string results in the string 'undefined' (not an empty string).