I am checking out Google Auth with the new firebase (web) and I am getting this "Authentication Disabled" message when I try to pop up Google Auth on click of a button.
I have clearly enabled Google sign in from Auth and followed configuration example from https://www.firebase.com/docs/web/guide/login/google.html.
I have generated client ID and secret as per the document.
Here are my urls configured in Google console
https://auth.firebase.com
https://auth.firebase.com/v2/exampleXXX-XXX-loss/auth/google/callback
I have pasted the client ID and secret in Web SDK configuration for Google Signin
What am I missing ?
Probably the best way to go with your current project is upgrade it to the newest Firebase version. Go to https://console.firebase.google.com/ scroll down to the section "Your projects currently at Firebase.com" and hit the "Import" button.
After this you'll be able to use the new capabilities of Firebase 3 and specifically for Google Sign-in you can check this page https://firebase.google.com/docs/auth/web/google-signin
Have fun out there!
Try to use the newest firebase sdk. Or try to switch to google firebase. Google firebase is similar to firebase, however, it is easier to implement the code, in your existing project.
Related
I've added my project to firestore and I'm doing firestore google auth just fine.
My problem is firebase firestore.
It just doesn't work and I have no idea why.
I'm trying to do a simple add before doing the actual process for my app and it doesn't work.
here I implemented a simple function to add a user and then called it, doing it all in build function.
I get this in my console:
p.s.
"adding user" is printed on console.
p.s.
I do have the firebase_options.dart file.
These thing are you sure that the correct:
1.Using correct google_services.json file
2.Edit Fire store rules if you are not using authorization
You have to manually whitelist your existing Google OAuth 2.0 client IDs in the Firebase console before using it with the new Auth APIs.
In order to do so, follow these steps:
Go to the Credentials section in the Google API Console.
Select from the top right corner the project where you had previously configured Google Sign-In.
Go to the OAuth 2.0 client IDs section
If you are using Google Sign-In on Android or iOS applications:
Take note of the Client ID string corresponding to all the entries registered for your applications.
Input these Client IDs into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add there all you client IDs, to the whitelist of client IDs from external projects.
If you are using Google Sign-In on a web application:
Click to open your web client ID and take note of both the client ID and secret.
Input this Client ID into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add the values under the Web SDK configuration section.
I've updated the firebase library recently and didn't change anything else.
implementation 'com.google.firebase:firebase-auth:20.0.1'
implementation 'com.google.firebase:firebase-messaging:21.0.0'
implementation 'com.google.firebase:firebase-storage:19.2.0'
implementation 'com.google.android.gms:play-services-auth:19.0.0'
but whenever a user tries to signup, a Recaptcha is showing for a few seconds and then sometimes redirects to a web browser (CustomChromeTab) after that OTP is received from firebase auth. It takes about 15-30 seconds. How to prevent the Recaptcha? However, I added the SHA1 and SHA256 in the firebase console and have not changed the code. Thanks.
Here is the screenshot of the captcha verification process:
Most of the times while implementing dependencies like:
implementation 'androidx.browser:browser:1.2.0'
the above window pops-up in the browser.
Here, is a way to resolve it successfully.
Step 1-
In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API Key will be used, and needs to be allowed to access the DeviceCheck API.
Step 2-
If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.
Hope it works!!!
For more information, you can also check Google SafetyNet API for checking Google Play Services installation in device at the time of Phone Authentication.
Also, need to perform additional steps:
Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour.
Don't forget to go in Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour and u will remove reCaptcha from phone auth OTP!
Try this alternative method to disable reCaptcha
mAuth = FirebaseAuth.getInstance();
// set this to remove reCaptcha web
mAuth.getFirebaseAuthSettings().setAppVerificationDisabledForTesting(true);
because I've been following Mohd Asim answer, and it doesn't work.
In order to remove the captcha verification, you have to do this in Google cloud console.
IMPORTANT (you may have done that, but for the reminder):
Add the SHA1 and SHA256 of your project (see how to get) in the firebase project setting page (See how to set).
Go to the Library page in the Google APIs Console.
In the search bar type "Android Device Verification", and select the Android Device Verification box (API). The Android Device Verification API dashboard screen appears.
If the API isn't already enabled, click Enable. Hope here your problem solves and if not then proceed further.
If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list, then select the API key that's associated with your project that has enabled the Android Device Verification API.
In the sidebar on the left, click Credentials. Copy the API key that appears.
Use this API key when you call the attest() method of the SafetyNetClient class.
For more information read this official page - https://developer.android.com/training/safetynet/attestation
go to google cloud console
Select project it should be same project in which firebase is running and make sure you have added sha-1 and sha-256 of both debug and release version and put updated google-services.json file in your app.
search android device verification
click on enable
5.done
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
In case you haven't, go to https://console.cloud.google.com and
Select your project
Click the menu icon at the top left (hamburger icon)
Go to API & Services and then credentials
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
To anyone still wondering about this:
If you provide a native google sign in and the registered
email adresses look like this:
karolynmccorkle.91842#gmail.com
normabrock.69306#gmail.com
guillermogeorge.53163#gmail.com
kylegomez.35423#gmail.com
opalbarrett.09499#gmail.com
they are probably test accounts used to generate Google Plays Pre-Launch reports.
You can read about it in the Play Console Help here.
If your app has a sign-in screen and you want the crawler to test the
sign-in process or the content behind it, you need to provide account
credentials.
Note that you do not need to provide credentials if your
app supports "Sign-in with Google,” which enables the crawler to log
in automatically.
I'm trying to get Google Login working with Firebase from an Expo snack. I can login with Google and get the idToken and accessToken, but when I try to signInWithCredential to Firebase, I get a message that "the Google id_token is not allowed to be used with this application.". I feel like I'm missing some Firebase configuration step that I couldn't find in any of the Expo Firebase tutorials.
What step might be missing in my Firebase configuration or this Expo snack? https://snack.expo.io/HJWiiNRtW
Older post, but for posterity sake:
Your setup on the Expo snack looks fine. The problem you are having is a result of a mismatch between the client ID in the google developer console and firebase google Web SDK settings.
From google developer console, in your app, this will be the Client ID for Web application
603386649315-vp4revvrcgrcjme51ebuhbkbspl048l9.apps.googleusercontent.com
there will also be a client secret in there too.
In the firebase console for your app, in the authentication section, under google, click on Web SDK Configuration
and put the above noted project number (Web client ID) and client secret, and put these in their respective spots.
You will see that the project # being referenced in the error "873097287154..." will already be in the Web Client ID text box which is what you will replace with the client ID from google as noted above.
I used firebase.auth.signInWithPopup() from this documentation. However, I am getting this warning on the popup window saying that my app isn't verified yet. See image below.
I don't know where to start from here since as far as I can remember, I can't find anything about this on the firebase auth docs. Any advice?
Google now requires apps be verified when you request certain sensitive data:
https://developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html
Firebase is not exempt. Why should it be? Any attacker can create a Firebase account with Google provider enabled and try to phish Google users with it.
Verify your app through this link OAuth consent screen