When i login with firebase login:ci it returns a token, but when I login with firebase login it does not. What is the difference in other functionality?
Deployment works as expected using firebase login but not with firebase login:ci and its token.
Posting Frank's comment as community wiki for visibility.
firebase login starts an interactive login flow that opens a browser tab, while firebase login:ci starts a flow that doesn't popup a browser and that can be used on so-called headless systems. But instead of asking us for the difference between the two commands, I recommend showing the command you expected to work and what happened instead
Related
We are using firebase phone authentication to authenticate our users. We've been using it for over a year now.
Today at 13:00 GMT, new users are receiving 17028 An invalid safety_net_token was passed after entering their phone number.
I tried to verify each of the causes I found on the firebase docs:
Verifying the SHA1 and SHA256 on the firebase console (We use the fingerprints that are on the play store console)
Verifying the package name
The last app update was on October 1st and since then thousands of users created an account with Firebase Auth and there were no configuration changes on the firebase console.
Upon looking at other StackOverflow questions, the error we are getting is not the same as 17028 A safety_net_token was passed, but no matching SHA-256 was registered in the Firebase console. Please make sure that this application's packageName/SHA256 pair is registered in the Firebase Console Even though it is the same error code, in our case, it says an invalid token was passed.
We are using firebase with react-native-firebase module.
EDIT: After disabling Android device verification API from Google Cloud Console the verification is now working but with no device verification. (Users have to verify they're not robots with a CAPTCHA).
Update: It is working fine now, and the outage has been fixed.
It looks to be a firebase internal issue, and the only solution now is to disable "Android Device Verification" and all your users will see the Recaptcha page.
check
https://status.firebase.google.com/
https://status.firebase.google.com/incidents/TYeQBVB4kkzyk2kE8vbP
I'm using Firebase auth, and my app is working fine. But when I run it in the emulator, I get a login event, followed immediately by a logout event (user=null). I am setting it up with firebase.auth().useEmulator('http://localhost:9099') as required.
I see this error in my Chrome dev tools log which may or may not be the cause:
POST http://localhost:9099/www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=AIzaSyCwV8E9N0nw3euy7cJFhe-OY4j2iTuvXYZ 400 (Bad Request)
I do see the auth events in the emulator console:
Received a signed JWT. Auth Emulator does not validate JWTs and IS NOT SECURE
so I know it's touching the auth emulator. But, I see sign-in events and user creations in my real Firebase auth console, not my emulator console -- so it seems like it's only halfway using the auth emulator. Is there some trick to getting this to work locally?
I have written a HTTP cloud function called send_push. It basically receives payload from a perl script and sends out push notifications via FCM to the tokens provided. Tested it in unauthenticated mode and everything works well. This "perl script" is open source. People download that perl script and use it to send notifications to my mobile app (which they buy from the app/play store). So obviously, the perl script cannot come with any of my secrets or service accounts.
I now want to add authentication to that cloud function. My goal is to allow my function to be called by any user who is signed into google using their own credentials. To enable this, I've gone to https://console.firebase.google.com/u/0/project/<myproject>/authentication/providers and enabled "Email/password" and "google" in the hopes that anyone who signs up using an email/password or directly via google login can then invoke my function. I've also enabled allAuthenticatedUsers for my send_push function and removed allUsers
Have I made the right assumptions? I've been going around in loops trying to parse the cloud functions authentication documentation.
If I have made the right assumptions, what libraries can I use on the perl script side that can prompt the user to enter their login credentials (via google or email sign up) and then use that data to generate and refresh tokens? They won't have gcloud installed, so I can't do things like $(gcloud auth print-identity-token) for authentication, which I think anyway is for developers.
Note that the sample cloud authentication code shows how my endpoint can authenticate against firebase users that have registered with _my_app. This is not what I want.
I'm creating a flutter app and use Firebase Auth, everything works just fine including Facebook and Google sign ins, however, once password reset link is sent via email, it shows up as already expired.
I have found this answer which states "you need to include the app itself which is where the emails originate: .firebaseapp.com", I don't understand what type of credential needs to be added. Could someone look at the images below and advice what is missing? Or is this not the problem in my case? What else should I check?
Credentials:
Firebase console:
Webpage:
In case anyone runs into an issue like this, here's what solved my issue (thank you, Firebase support!!!).
Go to Cloud Console, under APIs & Services > Credentials
Select API key that has "Restrictions" as "HTTP referers" (See question picture "Credentials").
Under "Application restrictions", add https://Project_ID.firebaseapp.com (hence you need to copy your Project ID from the firebase console (See question picture "Firebase console")
In my case I had AWS cognito credentials there and since I've moved to Firebase it was not updated.
I used firebase.auth.signInWithPopup() from this documentation. However, I am getting this warning on the popup window saying that my app isn't verified yet. See image below.
I don't know where to start from here since as far as I can remember, I can't find anything about this on the firebase auth docs. Any advice?
Google now requires apps be verified when you request certain sensitive data:
https://developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html
Firebase is not exempt. Why should it be? Any attacker can create a Firebase account with Google provider enabled and try to phish Google users with it.
Verify your app through this link OAuth consent screen