I've been looking at replacing all the links in the firebase password reset and welcome emails with something more custom, so it doesn't look terrible for users (so moving from https://some-app-123f.firebaseapp.com to link.some-app.com).
I thought that the best way to do this might be to use the firebase dynamic links, so I set up link.some-app.com in there. All good so far.
I generated a new dynamic link directly in the web interface. This is basically going to be used for everyone, or that is my hope. Let's call that link link.some-app.com/email-link. I have then set this up to point to https://some-app-123f.firebaseapp.com/__/auth/action. Going to the first takes me to the second, all good so far. The links just open the web, not apps, and no interstitial page.
I can replace the "Action URL" in the email template with link.some-app.com/email-link. When I email a password reset, I get a link that looks like this: https://link.some-app.com/email-link?mode=resetPassword&oobCode=[hash]&apiKey=[key]&lang=en
However, when I click on this link in debug mode (adding d=1 to the end), I get a bunch of errors:
The format of parameter (mode) is not whitelisted for this domain.
So I thought that I could solve this by using the whitelisting feature on the link domain in the firebase console, so I've tried a bunch of different options, but these are the two most permissive (to cover both domain bases, though I am pretty sure I need to be whitelisting the target domain i.e. firebase)
^https://some-app-123f.firebaseapp.com.*$
^https://link.some-app.com/email-link.*$
Am I completely missing something? Is this something that just isn't possible because it is redirecting back to firebase?
tl;dr: I'm trying to create an effectively serverless redirect link to the password reset functionality in firebase using a prettier url than firebase gives you out of the box
Your URL patterns are incorrect. You haven't escaped . Your pattern should be
^https://some-app-123f\.firebaseapp\.com/.*$
You don't need to add the second URL to whitelist.
If an improper program from the Dynamic Links prevents redirection to the sites that are beyond your control then you need to whitelist the URLs where the Dynamic Links can redirect to. For more information regarding whitelisting URLs please visit the link enter here .
Related
The FDL has been working fine in production for a few weeks and has suddenly started show this error in the browser as if it does not have a valid SSL certificate.
The FDL is generated via the API.
Is there a solution to remove this warning for my FDL?
I have raised a support request with GCP but have posted a question in here in case there is something I can do.
Turns out a received an email from Firebase about this 1 working day ago (before the weekend so I did not notice it).
I followed the instructions and several hours later it was working so I am assuming this was the issue.
Note it did not fix the issue immediately.
We’re writing to let you know that your Firebase Dynamic Links (FDL)
project(s) did not have configuration to prevent phishing, so we
generated Allowlist URLs that your Dynamic Links can redirect to.
Specifying a URL allowlist prevents third parties from using your API
key to create Dynamic Links that redirect from your FDL domain to
sites not on the allowlist.
What do I need to do? Review the generated URLs or to add additional
URLs:
Click 3 dot menu icon> Allowlist URL pattern from the Engage > Dynamic
Links page of the Firebase console for each project. Review the
auto-generated allowlist URLs to ensure they cover your intended link
destinations. [Optional] Specify up to ten regular expressions for
additional allowed URLs using RE2 syntax. See the images below for
clarity.
Only URLs that match one of your configured regular expressions can be
successfully used as a Dynamic Link's deep link or fallback link.
Your impacted project(s):
project1 project2
To learn more, see the Allow specific URL patterns documentation.
Feel free to reach out to our Firebase support team for more
assistance.
This issue I tried to reproduce:
I can able to reproduce if in My device setting time zone if I set date older then 1 month then this error will come.
I have a firebase project setup, and a domain, matoitechnology.com. Im trying to customize my domain through google domains so the emails dont go in the spam folder, but the dns authentication failed.
I blurred out everything, but I just copy and pasted the values given.
Firebase auth details
google domains:
domains screenshot
The one thing that I feel i may be doing wrong is that firebase seems to have two separate text records, but google domains will only allow me to create one record with multiple values. If i try to add another text record, it will try to replace my current text record. Any ideas?
Google Domains seems to append your domain automatically to whatever record you paste in. So if you paste firebase1._domainkey.yourdomain.com into the record in Google Domains (as instructed by directions in Firebase), your actual value will likely be firebase1._domainkey.yourdomain.com.yourdomain.com. It's easy to overlook, and was the issue for me.
I can't seem to set up Firebase > Dynamic Links using the Google-provided domain '[my-app-name].page.link'.
I'm trying to use Firebase > Dynamic Links for the first time so that I can use email-address-only authentication in my React Native app. I don't want to pay for a custom domain just to set up a TXT record so that Google can verify the domain, so I'd like to use the Google-provided domain name.
The problem I have with that is when I go to https://console.firebase.google.com/u/0/project/[my-app-id]/durablelinks, click on the 'Get Started' button, select the Google-provided '[my-app-name].page.link', and click 'Continue' I get the error:
This name is unable to be used by anyone. If you believe this is a mistake please reach out to support.
And looking for support led me here.
How can I use '[my-app-name].page.link' as my Dynamic Link so that I can pass dynamicLinkDomain to auth().sendSignInLinkToEmail and get the password-less authentication working?
Thank you!
I can't comment, but it seems that the answer you're looking for is in this question answered by Jeff Avis.
In short: type in anything.page.link and firebase will verify if it's valid or not.
It seems that the problem you're facing is that you've already used the domain you are trying to reuse, and deleted it! that's why it's blocked by firebase for the time being at least.
I made a mobile app and used Firebase for backend and authentication. When I use firebase's built in email verification, the email always goes to the junk folder / spam.
Does anyone know how to fix this?
That's weird. Firebase made restrictions to avoid this problem. Check here
Spam filters normally look for these things:
Subject Line: looking for common words and phrases associated with spam.
Content: looking for suspicious links, low text to image ratios, and other spammy hallmarks.
Metadata: looking at the To/From/CC fields, the sender’s domain, and embedded code.
IP address: looking for IPs that have been flagged frequently as spam by both filters and recipients in the past.
More Info
Ill suggest using your own domain to send emails. You can check this article on how to do this. You will also get the extra benefit of looking more professional.
Hope it helps :)
Have a look at the headers of the received email message. Typically, Antispam tools use headers to add the detail of the scoring elements that lead to the message being flagged as spam. This will give you insights on why this happens since reasons can be multiple and cumulative (Title, content, DNS, DKIM, etc.)
I had the same exact problem,
The problem is that your sender name is noreply#project.firebaseapp.com
and that made all my emails going to spam.
What I did was to visit my console
https://console.firebase.google.com/project/project_name/authentication/emails
which is the template tab of the Authentication page.
Click on the pencil icon and click on the Customize Domain
enter image description here
Add and verify your domain.
That will solve the problem
I fixed this issue by only changing the project name.
Go to your firebase project > Project Settings > Main page.
There you'll see some public settings, change the name of your project, the default will show something like "project-(yourProjectId)", put for example "Project Name".
I need to track a subdomain under an existing property that is already tracking my domain. From the user's perspective they look like one site and I need to see the flow of traffic between them, so they should ideally be under the same property.
I'm trying to configure things so that I can tell the difference between data for the domain and subdomain in my reports. I've done some research and most of the instructions that I've found give the solution of a filter to show the full path of all URIs in your reports. But that would mean that the new data for the main domain no longer matches up with historical data: it would make it more difficult to compare to the past and would require me to update all my destination goals.
I would like to only show the full URI for the subdomain, so the data for my main domain stays consistent. I'm sure that adding on a subdomain to an established website is a pretty common scenario and I'm not the only person who has this issue.
I did find one set of instructions for showing the full hostname for just one subdomain: http://www.ericmobley.net/guide-to-tracking-multiple-subdomains-in-google-analytics/
I set up the advanced filter as he specified, with my subdomain in brackets as the expression in the hostname field (screenshot: http://i.stack.imgur.com/5zc6c.png). When I checked my reports to test this, the real-time reports were showing the full path of traffic to the subdomain but not the main domain. The subdomain URIs were displaying in brackets. However, in the Behaviour reports the hostname wasn't showing up for either site and there was no distinction between traffic to the domain and subdomain.
What am I doing wrong here? Is it possible to create a filter that does what I want?
Advanced filter fields use regex, so field A should look like this
(support\.whatever\.org\.au)
Note that this filter includes ONLY the support sub domain.