[BUG] SignInOptions Password is not working - at all

[freddneos]

My first experience with FireCMS , I started from scratch using the latest version , My use case only login with password and email should be avaiable.

I started the application from scratch using Node 18 and yarn create firecms-app

Then I configured the firebase , and seems working well, the login page is displayed. it is working well with the default google auth, and I'm able to see the product's collection.

Now I added the props signInOptions={["password"]} <- my use case I already added a user on Firebase Auth Panel

and when I tried to login the following message appear :

Even with the 200 response from server.

After that I try to create a user and it happens :

I really liked the FireCMS solution But I'm not able to use on my usecase, I need a help ASAP.

Steps to reproduce :

1 - Create a new FireCMS project :

yarn create firecms-app

2 - add your firebase configuration :

3 - Turn on the Password and Email registration on Firebase Auth

4 - Add the props signInOptions with password param :

signInOptions={["password"]}

5 - Create a User (email and password) on Firebase Auth panel

6 - User the same user created on Firebase Auth panel on fireCMS Auth screen.

Any additional information that you need please let me know.

Follow My project dependencies :

"dependencies": { "@emotion/react": "^11.11.0", "@emotion/styled": "^11.11.0", "@firecms/data_enhancement": "^1.0.0", "@mui/icons-material": "^5", "@mui/lab": "^5.0.0-alpha.132", "@mui/material": "^5.13.3", "@mui/x-date-pickers": "^5.0.20", "firebase": "^9", "firecms": "^2.0.0", "react": "^18.2.0", "react-dom": "^18.2.0", "react-router": "^6", "react-router-dom": "^6" }, "devDependencies": { "@types/react": "^18.0.37", "@types/react-dom": "^18.0.11", "@typescript-eslint/eslint-plugin": "^5.59.0", "@typescript-eslint/parser": "^5.59.0", "@vitejs/plugin-react": "^4.0.0", "eslint": "^8.38.0", "eslint-plugin-react-hooks": "^4.6.0", "eslint-plugin-react-refresh": "^0.3.4", "typescript": "^5.0.2", "vite": "^4.3.9" }

[fgatti675]

Thank you for the report @freddneos

[aramvr]

Is there a version that password login works? so we can rollback until this is resolved?

[fgatti675]

Hi @aramvr and @freddneos I was not aware of this bug so I can't pinpoint to a specific version. If you need this resolved ASAP as you mention, you can join the sponsors program to get priority support. Or feel free to submit a PR!

[freddneos]

Is there a version that password login works? so we can rollback until this is resolved?

I'm not sure man, as said , this is my first time using FireCMS.

[fgatti675]

I am not able to reproduce this in version 2.1.0. Can you make sure you are in that version and tell me if it still happens?

[aramvr]

hi @fgatti675, I can confirm I'm on 2.1.0. it simply says, "No user found with that email. Pick a password to create a new account"

In the network, it calls to https://identitytoolkit.googleapis.com/v1/accounts:createAuthUri?key=MY_KEY

and the response is:

{
   kind: "identitytoolkit#CreateAuthUriResponse",
   sessionId: "MY_SESSION_ID"
}

[fgatti675]

Are you guys maybe using Firebase 10? The API calls seem to be different to the ones I am seeing

[sometea]

I'm also seeing this bug and it seems to me that it is related to this issue: https://github.com/firebase/firebase-js-sdk/issues/7644. That would also explain why @fgatti675 is seeing a different behaviour: There is a behaviour change by default for projects created after September 15, 2023. It seems to be related to email enumeration protection: https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection. The createAuthUri API call now no longer returns a list of sign-in methods for a given email address. In fact, it seems no longer possible to detect whether an email address is already in use unless one disables email enumeration protection as described at the above link (which creates a security risk).

[fgatti675]

Hi guys, this is fixed in version 2.2.0-pre. Could you confirm this is working? Thank you for your input!

[sometea]

Yes, this is working with 2.2.0-pre. And I really like the new authentication flow with the separate "Login" / "New User" buttons. Thank you so much for the great work!

[fgatti675]

Fixed in version 2.2.0 :)