This user's credential isn't valid for this project. This can happen if the user's token has been tampered with, or if the user isn't for the project associated with this API key.
Everything working fine without any changes today I get above error, When I send request for verification code get success from signInWithPhoneNumber but verification code didn't getting.
I tried with adding test number in firebase console but get same error.
Let me know if any know how to fixed that.
Thanks in advance!
Clearing the cash of google play services to solve it.
This happens when I uninstall and reinstall the app multiple times and signing in into multiple accounts and change the system clock frequently for testing.
Related
We are using firebase phone authentication to authenticate our users. We've been using it for over a year now.
Today at 13:00 GMT, new users are receiving 17028 An invalid safety_net_token was passed after entering their phone number.
I tried to verify each of the causes I found on the firebase docs:
Verifying the SHA1 and SHA256 on the firebase console (We use the fingerprints that are on the play store console)
Verifying the package name
The last app update was on October 1st and since then thousands of users created an account with Firebase Auth and there were no configuration changes on the firebase console.
Upon looking at other StackOverflow questions, the error we are getting is not the same as 17028 A safety_net_token was passed, but no matching SHA-256 was registered in the Firebase console. Please make sure that this application's packageName/SHA256 pair is registered in the Firebase Console Even though it is the same error code, in our case, it says an invalid token was passed.
We are using firebase with react-native-firebase module.
EDIT: After disabling Android device verification API from Google Cloud Console the verification is now working but with no device verification. (Users have to verify they're not robots with a CAPTCHA).
Update: It is working fine now, and the outage has been fixed.
It looks to be a firebase internal issue, and the only solution now is to disable "Android Device Verification" and all your users will see the Recaptcha page.
check
https://status.firebase.google.com/
https://status.firebase.google.com/incidents/TYeQBVB4kkzyk2kE8vbP
I'm experiencing a very weird issue with the Firebase Auth using Facebook. A month ago I've created a test user in Facebook to log in with like I always do, when I try to use it now, I get this error:
Error: An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address.
I've seen this error before when people move from Facebook to Google with the same email. HOWEVER, this is not the case. This dummy Facebook user is totally not linked to a Google account. I can also find it's email address back in the Firebase console where it is still marked as Facebook:
This issue first appeared in the same timeframe as an upgrade of the Facebook plugin and SDK. I've however retested this account now on the old plugin and SDK versions and the issue remains, so this seems to be a coincidence.
Other accounts seem to work but we had a similar issue in our production environment which we now think could have been the same. This gives us the opportunity to fully debug this one.
Extra information:
The (web)app runs on Angular (Ionic cordova). We are using the firebase.auth.FacebookAuthProvider, the error appears on both the Cordova (firebase.auth().signInWithCredential) as web (afAuth.auth.signInWithPopup) version.
The network calls to Facebook and Googleapis seem to be ok and return the correct identity (see screenshot 2), it seems as if the Firebase package is incorrectly giving this error.
Console error:
Firebase Identitytoolkit Network response:
I've incorporated Firebase Cloud Messaging into my app. After messing around, I kind of understood the premise of how it operates. So, as a result, I structured my code so that when users sign up the FCM token is stored. After creating two accounts, I realise both FCM tokens for the user were the same.
Looked online and sorted this issue, and now I can refresh the token on launch, and still append the new FCM token when users initially sign up.
So now, I ask the question - Users are created with a fcmToken field (which I can refer to in my code), however, due to the fact a new token is generated on launch each time does this render the token(s) stored for each user useless? Or can I still push to the specific user using the fcmToken?
I've looked online, but can't seem to find an answer.
FCM tokens don't uniquely identify an individual end user. They identify a specific installation of an app on a specific device. When sending with that token, it doesn't matter who is signed in to the app (or if anyone is signed in at all) - the app will still receive it and need to figure out what to do with it. It's up to you to decide what to do with that message, given the sign-in state of the user. If you expect that your app could have multiple users sharing a single app on a single device, then you will probably want to send something in the payload to determine who that message was intended for, if necessary.
#doug great answer, but there's a common implementation problem when people share a device, so please add a warning, something like: often only the last logged in user should receive push notifications, otherwise he could see messages from the person who was logged in before. your backend should not only store all the devices a user is logged in, but also for each device who the last active user is and check this upon sending a push. the question whether you receive push or not when logged out is a common topic, too.
I'm creating a flutter app and use Firebase Auth, everything works just fine including Facebook and Google sign ins, however, once password reset link is sent via email, it shows up as already expired.
I have found this answer which states "you need to include the app itself which is where the emails originate: .firebaseapp.com", I don't understand what type of credential needs to be added. Could someone look at the images below and advice what is missing? Or is this not the problem in my case? What else should I check?
Credentials:
Firebase console:
Webpage:
In case anyone runs into an issue like this, here's what solved my issue (thank you, Firebase support!!!).
Go to Cloud Console, under APIs & Services > Credentials
Select API key that has "Restrictions" as "HTTP referers" (See question picture "Credentials").
Under "Application restrictions", add https://Project_ID.firebaseapp.com (hence you need to copy your Project ID from the firebase console (See question picture "Firebase console")
In my case I had AWS cognito credentials there and since I've moved to Firebase it was not updated.
I used firebase.auth.signInWithPopup() from this documentation. However, I am getting this warning on the popup window saying that my app isn't verified yet. See image below.
I don't know where to start from here since as far as I can remember, I can't find anything about this on the firebase auth docs. Any advice?
Google now requires apps be verified when you request certain sensitive data:
https://developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html
Firebase is not exempt. Why should it be? Any attacker can create a Firebase account with Google provider enabled and try to phish Google users with it.
Verify your app through this link OAuth consent screen