-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FirebaseUI always try to create a new account also if email exists in Firebase Auth #1040
Comments
I'm encountering the same issue on a new project with AngularFire + FirebaseUI (cannot Sign in with Email):
I compared the network tab in this project compared to an older project:
Versions: "@angular/fire": "^7.6.1",
"firebase": "^9.23.0",
"firebaseui": "^6.1.0",
"firebaseui-angular": "^6.1.3", |
Exactly like me... i did the same things using Network, looking at the Console but nothing found. Do you suggesto to do a downgrade? Which version is a working version? |
Tried downgrading from 6.1.0 to 6.0.0, but it didn't help. firebaseui-web/javascript/widgets/authui.js Line 1174 in 85fbdd4
For some reason, it's returning import { getAuth, fetchSignInMethodsForEmail } from 'firebase/auth'; // or from '@angular/fire/auth';
constructor() {
fetchSignInMethodsForEmail(getAuth(), '[email protected]').then(console.log); // prints [] instead of ['password']
} Related iOS issue: firebase/firebase-ios-sdk#11810 |
Related: https://stackoverflow.com/questions/77115477/reactjs-and-firebase-ui-authentication-problems
|
I got the same issue!!!
Is there any way to fix this issue or any old verison I can use to avoid this issue? Thankyou very much! |
Is there no resolution for this? Or should I just no use Firebase? Seems like a pretty egregious bug. |
For now i solved without using Firebase UI for authentication but just using Firebase with custom email and password fields that works. The problem is just with Firebase UI.. waiting for resolution... |
i am facing the same issue with new firebase project. works fine on old project |
Also facing this. FYI: this appears to be a Google issue (see comments from @paulb777): firebase/firebase-ios-sdk#11810 (comment) No apparent fix available yet. |
I am having the same problem, I am having it on Firebase Ui Android native, and Firebase UI Flutter |
It looks like this is a breaking change for email/password sign-in due to the Email Enumeration Protection changes in Firebase. This feature is enabled by default as of 15 September 2023. Unfortunately, it seems this project (Firebase UI) is seemingly abandoned by Google, so you either need to roll your own email/password sign-in solution against the Firebase SDKs or look at alternative projects. It's not the best developer experience: you follow the Firebase docs to get started, Firebase UI is prominently recommended, then you later find out that it doesn't fully work and they've stopped maintaining it (with no obvious alternative available). Maybe they will swap to giving examples of how to roll your own; that would be better than starting your project then later realising you need to take multiple steps backward. |
It is a backend issue, you can just disable email-enumeraion-protection as work around: |
How can I run this? When adding it to top level module of my firebase functions It won't analyse. EDIT: figured it out - you can run the command in the GCP terminal to get the accees token. |
As @sgb-io and @victorcastro89 noted, this is due to a change in defaults for Firebase Authentication. On September 15, 2023 email enumeration protection was enabled by default for all new Firebase projects created after that date to boost security. When this setting is enabled, it limits the ability to check for what existing sign in methods exist for an email address through the We're going to update FirebaseUI to take away this conditional behavior. Until we do that, unfortunately the only workaround is to disable email enumeration protection on your Firebase project's underlying Cloud project. Related issue: firebase/firebase-js-sdk#7644 (comment) |
Also could fix it with the curl command from the terminal. First get the ACCESS_TOKEN Now replace ACCESS_TOKEN and PROJCT_ID ` |
Please mark this as answer for others can easily find the temporary solution @ralf00 |
@ralf00 Try turning off email enumerations from auth-setting in your account. |
I don't know how you figured this out, but thank you a lot. |
Hi @jhuleatt, thanks for the workaround - any word on when the official fix will be up? |
Adding my +1 here. Would love to see insta sign in (not checking if account exist on first try) |
+1 .. no fix yet. |
+1 |
2 similar comments
+1 |
+1 |
Disabling email enumeration protection on the firebase console worked for me. Not cool having to patch up my project with workarounds, but at least it's something until they release an official fix. |
This also fixed it for me |
A little comment about this in the README would go a long way I think (until it's fixed). I wanted to try out firebase (and nextjs) and I made a test app using nextjs, then another one using node/express just to make sure I didn't mess up the nextjs stuff, then I looked in the FirebaseUI README to see if maybe I'm supposed to change the configuration, all to no avail. It's hard to guess that such an official resource like FirebaseUI would have an issue in what is basically its "hello world", and without guessing that there's something wrong with it it's hard to find answers pointing to the new setting. |
+1 |
any progress? |
+1 |
Any updates? |
+1 |
1 similar comment
+1 |
"egregious bug", couldn't agree more. A "drop-in solution" should at least allow you to setup a working proof of concept out of the box with default config. And it is still not fixed 8 months after the issue is opened, what a shame. |
+1 works for me disable email protection |
Disabling email protection in the Firebase project does NOT work for me. Any more workaround suggestions? |
+1 still not fixed even with the GIP+IAP "Use an existing hosted sign-in page" |
+1 |
Still not fixed.. |
+1 |
Disable email protection workaround work, thanks for sharing. But as other mentioned, suppose it is drop in solution and i seems don't see it is deprecated, would like to +1 on this issue. I still love the convenience of firebase but having this bug in this common flow for a year really hurt developer experience. |
Still had |
+1 |
One year later |
Litrally using this product is a data protection issue in the Europe. It has caused millions of peoples emails to be exposed. And its literally the front end of the product. Can you just send us all our payout now? Or are you just going to continue to purposely ignore it. Cant you just right code with AI. Isn't 25 percent of your code AI written now |
Disable for email enumeration protection solve the problems. |
Hello,
i'm using firebase ui 10 on my nodejs project, implementing it in react (supported by this video https://www.youtube.com/watch?v=eTuJ47RvEdQ
everything seems to work good but with one big problem, if i insert the email address of a already existent user, it goes forward asking me to "Create a new account" and "Choose a new password" that is not what is expected.
If i put a password it goes on error telling me that the email address already exists and asking me to reset the password.
Anyone has encountered this issue? some advice?
The text was updated successfully, but these errors were encountered: