Firebase auth password reset sends expired link - firebase

I'm creating a flutter app and use Firebase Auth, everything works just fine including Facebook and Google sign ins, however, once password reset link is sent via email, it shows up as already expired.
I have found this answer which states "you need to include the app itself which is where the emails originate: .firebaseapp.com", I don't understand what type of credential needs to be added. Could someone look at the images below and advice what is missing? Or is this not the problem in my case? What else should I check?
Credentials:
Firebase console:
Webpage:

In case anyone runs into an issue like this, here's what solved my issue (thank you, Firebase support!!!).
Go to Cloud Console, under APIs & Services > Credentials
Select API key that has "Restrictions" as "HTTP referers" (See question picture "Credentials").
Under "Application restrictions", add https://Project_ID.firebaseapp.com (hence you need to copy your Project ID from the firebase console (See question picture "Firebase console")
In my case I had AWS cognito credentials there and since I've moved to Firebase it was not updated.

Related

what is the difference between "firebase login" and "firebase login:ci"?

When i login with firebase login:ci it returns a token, but when I login with firebase login it does not. What is the difference in other functionality?
Deployment works as expected using firebase login but not with firebase login:ci and its token.
Posting Frank's comment as community wiki for visibility.
firebase login starts an interactive login flow that opens a browser tab, while firebase login:ci starts a flow that doesn't popup a browser and that can be used on so-called headless systems. But instead of asking us for the difference between the two commands, I recommend showing the command you expected to work and what happened instead

Firebase phone auth failing on app already in production with status code 17028

We are using firebase phone authentication to authenticate our users. We've been using it for over a year now.
Today at 13:00 GMT, new users are receiving 17028 An invalid safety_net_token was passed after entering their phone number.
I tried to verify each of the causes I found on the firebase docs:
Verifying the SHA1 and SHA256 on the firebase console (We use the fingerprints that are on the play store console)
Verifying the package name
The last app update was on October 1st and since then thousands of users created an account with Firebase Auth and there were no configuration changes on the firebase console.
Upon looking at other StackOverflow questions, the error we are getting is not the same as 17028 A safety_net_token was passed, but no matching SHA-256 was registered in the Firebase console. Please make sure that this application's packageName/SHA256 pair is registered in the Firebase Console Even though it is the same error code, in our case, it says an invalid token was passed.
We are using firebase with react-native-firebase module.
EDIT: After disabling Android device verification API from Google Cloud Console the verification is now working but with no device verification. (Users have to verify they're not robots with a CAPTCHA).
Update: It is working fine now, and the outage has been fixed.
It looks to be a firebase internal issue, and the only solution now is to disable "Android Device Verification" and all your users will see the Recaptcha page.
check
https://status.firebase.google.com/
https://status.firebase.google.com/incidents/TYeQBVB4kkzyk2kE8vbP

"An account already exists with the same email address" without a switched account

I'm experiencing a very weird issue with the Firebase Auth using Facebook. A month ago I've created a test user in Facebook to log in with like I always do, when I try to use it now, I get this error:
Error: An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address.
I've seen this error before when people move from Facebook to Google with the same email. HOWEVER, this is not the case. This dummy Facebook user is totally not linked to a Google account. I can also find it's email address back in the Firebase console where it is still marked as Facebook:
This issue first appeared in the same timeframe as an upgrade of the Facebook plugin and SDK. I've however retested this account now on the old plugin and SDK versions and the issue remains, so this seems to be a coincidence.
Other accounts seem to work but we had a similar issue in our production environment which we now think could have been the same. This gives us the opportunity to fully debug this one.
Extra information:
The (web)app runs on Angular (Ionic cordova). We are using the firebase.auth.FacebookAuthProvider, the error appears on both the Cordova (firebase.auth().signInWithCredential) as web (afAuth.auth.signInWithPopup) version.
The network calls to Facebook and Googleapis seem to be ok and return the correct identity (see screenshot 2), it seems as if the Firebase package is incorrectly giving this error.
Console error:
Firebase Identitytoolkit Network response:

App is not verified when using Google Provider in firebase login

I used firebase.auth.signInWithPopup() from this documentation. However, I am getting this warning on the popup window saying that my app isn't verified yet. See image below.
I don't know where to start from here since as far as I can remember, I can't find anything about this on the firebase auth docs. Any advice?
Google now requires apps be verified when you request certain sensitive data:
https://developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html
Firebase is not exempt. Why should it be? Any attacker can create a Firebase account with Google provider enabled and try to phish Google users with it.
Verify your app through this link OAuth consent screen

Firebase Project Invitation

I've a project using Firebase, and I need to add an owner to the project.
This is how I added him:
Opened the project in the Firebase console.
Clicked on the settings wheel next to the project name, and selected permissions.
Firebase launches a new page "IAM & Admin".
Pressed on Add, which shows a popup.
Entered the user gmail address, which auto completes so it could never be a wrong email.
Selected the role as OWNER.
Pressed on ADD button.
Now it shows me the user in the permissions list, with the message:
Invitation sent. Pending acceptance.
I've seen this answer, which says :
The newly added users may sometimes not be getting an email invite. So be certain to let them know that you added them.
I've let the user share his screen with me on Skype, and this is what happens:
The user do get an email invitation, when he presses on accept invitation, the firebase console page is opened with the project name in the url !
But it doesn't show the project which I've shared. it just loads the Firbease console showing different projects that he owns from before !
And I still see this message:
Invitation sent. Pending acceptance.
As #Frank has mentioned this is probably a bug that should be fixed in the firebase console.
I've managed to do a workaround by not using Firebase permissions, but by using Google Cloud service instead.
In Google Cloud Services console I do have access to the same projects in Firebase console, so I opened the project, from the menu selected IAM & ADMIN which looks exactly the same as the IAM & ADMIN in firebase console, I've added the collaborator as an owner exactly as I've mentioned in the details above, and what do you know ! an email invitation was sent, the user accepted the request successfully.
And when he opened his Firebase console again, the project is now available in his projects list.
firebaser here
This is a known issue in the workflow for adding Owners that was introduced recently. It should be fixed soon, but in the meantime you can work around it by first adding the user as an Editor (no invite/accept workflow required), and THEN adding the user as an Owner (accept invitation workflow should be properly displayed).
Tried the GCP approach with same result - nothing! BUT, after an hour the profect appeared in my member's Firebase and GCP dashboards.

Resources