Firebase Auth/unauthorized domain. Domain is not authorized - firebase

I am trying to run this sample firebase project, but I keep getting this error in the browser console.
Lf {code: "auth/unauthorized-domain", message: "This domain (mail-demo-fcm.firebaseapp.com) is not…se console -> Auth section -> Sign in method tab."}
code: "auth/unauthorized-domain"
message: "This domain (mail-demo-fcm.firebaseapp.com) is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab."
I have enabled Google in Authentication -> Sign-in Method as sign-in providers.
Am I missing something ?
A little guide will be helpful.
And I am using Firebase's free plan.

You need to add domain mail-demo-fcm.firebaseapp.com to
Authentication menu in Firebase at Authorized domains

Below the sign-in method section, there is a Authorized domains section. I think you need to whitelist your domain there.

The authorized domains section might also be in the settings page. Here is a screenshot:

If localhost is already in the list of domains, make sure you're accessing your test app via http://localhost/ and not http://127.0.0.1/

Enable localhost and your own domain that you are using in the firebase console.
Login into firebase
Click on the authentication tab
Add authorized domains

The solution from #alkas was helpful, but I also needed to explicitly enable the Sign-in providers for my app (Email/Password, Google, etc) for this error to go away

In my case, I found the problem after deleting localhost from my "Authorized domains".
So I just add it (localhost), so everything is okay !
-localhost, because I'm on local,
-project_name.firebase.com and project_name.web.app when app deployed.
Thanks !

Open Firebase
Go to console
Open your project
Go to Authentication
sign-in-method
Add domain
Try it!
In my case it's working

Related

Firebase "this domain is not authorized to run this operation" error, yet also no "authorized websites" section

Error message when attempting to sign in via google as a would-be end user in my website:
This domain (maxloh.com) is not authorized to run this operation. Add
it to the OAuth redirect domains list in the Firebase console -> Auth
section -> Sign in method tab.
A pre-existing tells me to go into Authorized Domains.
Yet there is no such section: https://imgur.com/a/Igusaun
It seems there is some change in the layout. You can find the section to add Authorized Domains in Firebase console > Auth section > Settings > Authorized Domains
see this picture here
just go to firebase Auth then > settings > authorized domains > add your Hosted app link or if you are testing the app on local host just add localhost.

Firebase Google sign error: This domain is not authorized to run this operation

I just deploy my react app to firebase , after deployment I am having trouble getting the Firebase Google sign-in to work and got the error :"This domain (*********.web.app) is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab."
see the error in below pic:
See This
also I've whitelist the domain and add it to authentication tab
See This
,but don't know why I still got the error. Can Anyone help me with this issue?
This problem is likely due to the sign-in methods that are enabled. In the firebase console, you need to enable the Google sign-in method

Can't login using Google Auth, 403: org_internal

Can't login using Google Auth,
Error 403: org_internal
This client is restricted to users within its organization.
Go to cloud console (https://console.cloud.google.com/apis/)
APIs and services
Credentials
Oath consent screen
Ensure Application type is set to "public" and not internal.
Obviously assuming that you are creating an app that should be accessible outside your org. If this is related to testing and phones, it is possible to create testusers that are excepted from company policy rules.
The reason for this error is indeed because the Application type is set to "internal".
But setting it to public is not always the right answer...
Add "&prompt=select_account" to the authentication url. This will force the user to select the correct (organization-)account.
Without the parameter, Google tries to show the consent screen for the logged in Google-account, but as it is not an organization-account it will just display the 403 page without giving the user this choice.
https://developers.google.com/identity/protocols/OpenIDConnect#prompt
I had an Internal app that I was trying to authenticate with one of our YouTube channels using an organization account, and I was getting the same error:
Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.
After contacting Google Workspace Support, they asked me to Change the restriction on it from Limited to Trusted.
Steps are mentioned in this support thread: https://support.google.com/a/answer/7281227
Open the Google Admin Console.
From the sidebar menu, choose: Security → API Controls.
Click on MANAGE THIRD-PARTY APP ACCESS button.
Hover the cursor over the required app and click on Change access.
Choose the option: Trusted: Can access all Google services
And save the CHANGE.
Once you've done, take note that there will be 24 hours of propagation on it before it gradually takes effect.
Make sure, for the browser you are using, that you have logged out of "All" Google account(s). This should force the "select account" windows to display.
We have almost exactly the same problem while trying to configure WP Mail SMTP for Wordpress.
The OAuth Client's Application Type has to be "Internal" so changing it to "External" was not an option for us.
Hope this helps.
I had the same issue and in my case was because the project didn't had a support email address set it.
I fix it by adding one on the Firebase Console > Project Settings > General under the Public settings section.
This error is most likely due to the configuration of your application in Google Cloud Platform.
Setting your application to "internal" is causing this error. Try making your app "external" in the OAuth consent screen, but make sure it is in a "testing" status. Then, add yourself to the test users. This configuration will work well for an internal, lightweight application.
Once complete, try to authenticate with the channel again.
I had the same issue with a project. The error only appeared if I tried to log in to my app while already logged in with an account outside the organization (worked just fine while logged out of all accounts, or while logged in with an internal organization account). I had to change the OAuth Client's Application Type from Internal to Public in the Google Dev Console.
More info can be found at https://support.google.com/cloud/answer/6158849?hl=en
Maybe you have another google email to login, not the correct one.

How to replace the myApp-123.firebaseapp.com with my custom domain myApp.com

I am using Firebase Auth signInWithPopup() which is absolutely great. But
when initially configured, the popup reads:
Choose an account to continue to myApp-123.firebaseapp.com
I would really like it to read:
Choose an account to continue to myApp.com
How can I make the popup show my own domain?
In my solution that follows I should say that the steps I followed worked. It is possible that I did something that it not absolutely required, but to my knowledge and at this time, I have not broken anything.
This workflow (and the documentation) is a bit broken up because you must adjust both your Google Cloud Platform (GCP) credentials and the Firebase authentication. Documentation was provided by each side of this workflow but I was not able to find a document that covered the entire workflow to make this substitution.
GCP Console Setup
I first adjusted my GCP credentials for the OAuth Client:
Go to the GCP console > APIs & Services > Credentials page (https://console.cloud.google.com/apis/credentials?project=_ and select your project)
At the bottom of the page, find "OAuth 2.0 client IDs". There should be an entry titled "Web client (auto created by Google Service)"
To the right side of page click on the edit icon (pen), which opens the configuration page.
Under "Authorized JavaScript origins", you should see your yourFirebaseApp.firebaseapp.com domain. Click "+ Add URI" and add your custom URI. This should be an "https" domain, so use https://myApp.com
Under "Authorized redirect URIs", you should see https://yourFirebaseApp.firebaseapp.com/__/auth/handler. (The __/auth/handler bit on the tail is the auth callback that Firebase provides). Click "+ Add URI" and add your domain, with __/auth/handler at the end. (For example: https://myApp.com/__/auth/handler)
Click Save
Go to the OAuth Consent Screen (https://console.cloud.google.com/apis/credentials/consent/edit?project=_). Add your custom domain to "Application Homepage link", and fill in the "Application Name" and "Logo", and "Application Privacy Policy link" with custom values for your app.
Firebase Console Setup
Then, you'll need to add your custom domain to the Firebase auth authorized domain list:
Go to the Firebase Console > Authentication > Sign-in Methods page (https://console.firebase.google.com/project/_/authentication/providers and select your project)
Under "Authorized Domains" you should see localhost and the default yourFirebaseApp.firebaseapp.com domain. Click the "Add Domain" and enter your custom domain name, then click add.
Web App Setup
You will likely remember the block of code that you copied from your firebase project and pasted into the code from which you compile and deploy your Web App. (Some people use the hosting default init.js script - if you do, go back and setup your app using the config snippet instead)
Find the "authDomain" field in the code snippet, and change it to your custom domain, then re-deploy.
This procedure worked for me and my project, I have posted this in the hopes that these instructions may be refined via feedback from others performing this or similar operations.
I asked firebase support and got the following reply. Items in italics are my additions. This is more or less the same as Done's answer but with a custom domain. You do not need to host your app on Firebase.
--
Hi Jayen,
Thank you for reaching out. I'll be happy to assist you.
In order to update firebase-project-id.firebaseapp.com in the OAuth consent screen, you need a custom domain with Firebase Hosting (Firebase Console > Hosting > Connect Domain). This is because https://firebase-project-id.firebaseapp.com/__/auth/handler is hosted by Firebase Hosting. You need to point your custom domain to firebase-project-id.firebaseapp.com.
When connecting the custom domain, if you are not hosting your app on firebase, use a new subdomain (e.g. app.yourdomain.com) and do not redirect it. Firebase will prompt you to add a DNS entry and take of the SSL certificate automatically.
After connecting your custom domain to your Firebase project, you should also follow the steps below:
Go to the Firebase Console > Select Project > Authentication > Sign-in method > Facebook > Copy the URL under 'To complete setup, add this OAuth redirect URI to your Facebook app configuration.'
It will look something like https://firebase-project-id.firebaseapp.com/__/auth/handler
Replace the project ID with your custom domain. It will look something like: https://yourdomain.com/__/auth/handler
Go to the GCP Console > Select project > API Manager > Credentials > Add the link in #2 to the 'Authorized redirect URIs'
Then ensure to use yourdomain.com as the authDomain in your app's configuration instead of firebase-project-id.firebaseapp.com
firebase.initializeApp({
apiKey: ....,
authDomain: 'yourdomain.com',
...
});
Let me know if you have any other questions regarding this.
Regards,
Aye
--
In my case, yourdomain.com is where I host my site, so I used app.yourdomain.com where I needed it.
Firebase Hosting URL
handler url: https://app.yourdomain.com/__/auth/handler
GCP Credentials
Choose the right one under OAuth 2.0 client IDs . The client ID will match the one you have configured Firebase with in your code.
authDomain: "app.yourdomain.com"

Firebase: This domain is not authorized

I imported Firebase JS v3 API and used to initialize Firebase using:
firebase.initializeApp(config);
However the app failed to load correctly via web browser on localhost, resulting in the following error:
Error: This domain is not authorized for OAuth operations for your
Firebase project. Edit the list of authorized domains from the
Firebase console.
firebase.js:71:1333
I solved the problem by adding the localhost domain to OAuth redirect domains (within SETUP SIGN IN METHOD on the Auth tab of Firebase console).
in firebase console Auth --> Authorised domains
must equal (in Google cloud console -- > API & Services --> credentials ) :
must equal (in api config) :
Solution which worked for me after trying out all the options on the listed above and on other sites regarding using FireBase oAuth was the following:
login at https://console.cloud.google.com
Go to APIs & Services > Credentials
Once here, locate API Key you are using in your app that connects to FireBase
Now add your custom domain to HTTP Referrers
For android or ios or having your application on all three mediums, you will need to create API keys per medium.
Make sure the "authDomain" in your config matches the one in your firebase console. If you're running the app on localhost, make sure it's set to localhost and localhost exists on your firebase console.
Auth -> Sign In Method -> OAuth redirect domains
var config = {
apiKey: "...",
authDomain: "...", // this should match the one on your firebase console
databaseURL: "...",
storageBucket: "",
};
firebase.initializeApp(config);
Firebase Users
For me the source of the error was that the domain was not added in the firebase console.
Here is an image in the firebase console to add the custom domain for your website:
Firebase now has localhost as Authorized domains by default but if you are facing this for a custom domain, here is a quick solution.
Go to Google console Authentication tab > Settings > Authorized domains
Add your domain
(PS - About version, I'm using Firebase 9.9.3 on React.)
Problem Authorised domain Firebase Locahost OAUTH2
If you are using Google Chrome you can see a problem with the Identity Toolkit API
DISABLE. You need to enabled this API on the google cloud project to get OAUTH servcies in Firebase project.
https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=project-id
For those having this issue in Heroku:
Make sure you keep the authDomain property with the same value you got from Firebase.
DO NOT change this to the current Heroku domain.
Not really specific to Android, but check the address in your actionCodeSettings.
actionCodeSettings.url must be correct and whitelisted.
Authenticate with Firebase Using Email Link in JavaScript
None of the above answers worked for me, as I already had localhost in Authorized domains list. For me the problem was incorrect API key, I must have somehow deleted one of the characters from it. I got a more descriptive (or rather - not misleading) error message when I changed to signInWithPopup to signInWithRedirect. Possibly the same problem might happen when the API key is expired.
None of the above solutions worked for me but this did.
Go to Google console Authentication tab > Sign In Method > Authorized Domains
Add 127.0.0.1
localhost was already in my Authorized Domains but in my case I needed to add 127.0.0.1 as well
The important point is.. you must add the yourprojectid.firebaseapp.com domain to the authorized domains.. not your real domain name. That worked for me.
I got this problem also and the domain was like this:
127.0.0.1:5173/
I just turned it into: localhost:5173 and it ran
without a problem.

Resources