Unable to login with email + password if "email enumeration protection" is enabled #1041
@jhuleatt Can someone label this correctly (bug) and escalate it for a fix? Firebase is strongly recommending we take action on implementing email enumeration protection (via an email I received today), yet Firebase UI users can't - leaving our apps unprotected. From the wording in the email they are expecting a fix sometime, but I can't see any evidence of anyone working on it (no PRs, no confirmation as a bug etc.). Is Firebase UI still actively supported and maintained?
any progress?
I ended up just writing a custom log-in with e-mail and ditching that premade stuff altogether ... kinda lame they pretend it is still supported.
On Mon, Apr 29, 2024, at 12:54 AM, Josef Ježek wrote:
any progress?
As someone setting up Firebase for the first time in 2024 I gotta say this whole thing was super confusing. Finally came across this issue and it makes a lot more sense that I am just messing around with something that is potentially broken? I have a pretty straightforward brand new React app trying to drop firebaseui-web in to test and every user I enter the email for I get: "is not authorized to view the requested page.". I agree with others - if this is not actively maintained time to just say so and remove it from the Firebase docs.
Definitely ... this needs to be removed it is wasting a ton of people's time.
On Thu, Jul 11, 2024, at 2:42 PM, Shane wrote:
As someone setting up Firebase for the first time in 2024 I gotta say this whole thing was super confusing. Finally came across this issue and it makes a lot more sense that I am just messing around with something that is potentially broken?
I have a pretty straightforward brand new React app trying to drop firebaseui-web in to test and every user I enter the email for I get: "is not authorized to view the requested page.".
I agree with others - if this is not actively maintained time to just say so and remove it from the Firebase docs.
[REQUIRED] Describe your environment
[REQUIRED] Describe the problem
I've been going through the official Firebase Security Checklist (https://firebase.google.com/support/guides/security-checklist), and since I use email-password auth I followed the instructions to enable email enumeration protection. After enabling enumeration protection, all login attempts result in the message "Not Authorized: [email] is not authorized to view the requested page" immediately after inputting the user email and pressing the "NEXT" button — no password input field is presented. Disabling enumeration protection returns normal login functionality.
Steps to reproduce:
Relevant Code:
N/A — I expect that any app configured for email-password auth will encounter the issue
Expected behavior:
FirebaseUI can be used to authenticate with Firebase instances that have enabled email enumeration protection, as suggested by the official Firebase Security Checklist.