search

firebase / FirebaseUI-Android

Optimized UI components for Firebase
https://firebaseopensource.com/projects/firebase/firebaseui-android/
Apache License 2.0
4.61k stars 1.83k forks source link

FirebaseAuthUI issue keeps trying to sign me up instead of logging in when trying to use email on Android #2145

Open nicolo09 opened 8 months ago

nicolo09 commented 8 months ago

Step 1: Are you in the right place?

Asking here since this problem is almost certainly related to a security feature of firebase auth that should not be disabled and it should be solved here instead

Step 2: Describe your environment

Step 3: Describe the problem:

When I write my email and click next it goes to the sign up window instead of asking my password, and if I fill the form and press save it says there's an error with my email address (because it already is in the DB) preventing a signed up user from signing in

Steps to reproduce:

  1. Make a new Firebase project
  2. Make an android app using the firebase default login ui
  3. Try to sign in with an email

Observed Results:

When disabling email enumeration protection from google cloud console it works

Relevant Code:

Original question on stackoverflow with workaround provided by Frank van Puffelen in comments

bdmariobd commented 8 months ago

Facing the same issue!

tgrtb commented 8 months ago

Same here. Also when disallowing new accounts ( AuthUI.IdpConfig.EmailBuilder().setAllowNewAccounts(false) ) it complains that no matching email address is found, but I can see the accounts in the Firebase console and I can login with a direct call to FirebaseAuth.getInstance().signInWithEmailAndPassword(...)

mp3killa commented 7 months ago

same thing here

MichaelsPlayground commented 6 months ago

There is a simple explanation and solution for this behaviour on new Firebase projects: Google changed the default settings for Authentication but did not update FirebaseUI accordingly. To get your authentication to work go to the Firebase console, select your project and product Authentication.

In product Authentication go to Settings - User actions and disable 'Email enumeration protection' although it is named as "recommended" - if enabled this will fail your attemps to sign-in an existing user.

firebase_authentication_settings
fwadnjar commented 6 months ago

https://github.com/firebase/FirebaseUI-Android/issues/2142#issue-1943284812

Casey10110 commented 5 months ago

This project is dead, I recommend users avoid it. If you want some advice from someone with experience (unless you have a large team and a lot of money): 1) create your own email sign-in for Android 2) don't use Google, Facebook etc for logging in because they will just break on this or that platform and cause you headaches and time.