I'm using Firebase Email and Password Authentication.
I can see the user in my Firebase console, and the user can log in and log out.
In my code, I'm doing this:
const signInMethods = await fetchSignInMethodsForEmail(getAuth(), email);
But signInMethods is an empty array (as opposed to the expected ['password']).
Any idea why this should happen?
Expected behavior:
The value returned from fetchSignInMethodsForEmail should reflect the sign in methods available for the user who just registered with a password.
Actual behavior:
The value returned from fetchSignInMethodsForEmail is an empty array.
Reproduction instructions:
Clone https://github.com/YonatanKra/tauri-demo/
Checkout the add-firebase-auth branch
Add a .env file with the following details:
VITE_FIREBASE_APP_KEY=***
VITE_FIREBASE_MESSAGING_SENDER_ID=***
VITE_FIREBASE_PROJECT_ID=***
VITE_FIREBASE_APP_ID=***
(replacing the *** with actual details) of a Firebase app with email and password login enabled
Run npm i
Run npm run dev
Go to the address stated in the console to see the UI
Enter email and password and log in.
See that the user appears in the Firebase console
Refresh the app to return to the login screen
Set a debug point at the auth.ts file on line 10.
Log in with the same credentials
See that the value returned is an empty array
Starting on September 15, email enumeration protection is enabled by default for all new Firebase projects. This actually breaks the fetchSignInMethodsForEmail method.
As per the documentation: "A list of sign-in methods for a specified email address is no longer returned when calling the createAuthUri REST API or the fetchSignInMethodsForEmail client SDK method on all platforms".
For more details you can check the full documentation.
In order to make it work again you would have to disable the email enumeration protection. To do so you should get an access token for your project by running:
gcloud auth print-access-token --project=PROJECT_ID
And then make a patch request as detailed in the docs:
curl -X PATCH -d "{'emailPrivacyConfig':{'enableImprovedEmailPrivacy':false}}" \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'Content-Type: application/json' -H 'X-Goog-User-Project: PROJECT_ID' \
"https://identitytoolkit.googleapis.com/admin/v2/projects/PROJECT_ID/config?updateMask=emailPrivacyConfig"
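A login flow that works with email enumeration protection left enabled, as an added example that is not part of the original question or answer: it does not branch on fetchSignInMethodsForEmail and gives the same message whether the email is unknown or the password is wrong. The helper names and the fake sign-in function are hypothetical, and the error codes listed are assumed to be the ones the Firebase JS SDK version in use raises.

```javascript
// Added example; function names here are hypothetical helpers, not Firebase APIs.
// Codes assumed to be raised by the Firebase JS SDK on a failed email/password
// sign-in; older per-cause codes are listed so one handler covers both modes.
const BAD_CREDENTIAL_CODES = new Set([
  'auth/invalid-credential',
  'auth/invalid-login-credentials',
  'auth/wrong-password',
  'auth/user-not-found',
]);

// Map an SDK error code to a message that never reveals whether the email exists.
function messageForSignInError(code) {
  if (BAD_CREDENTIAL_CODES.has(code)) return 'Incorrect email or password.';
  if (code === 'auth/too-many-requests') return 'Too many attempts. Try again later.';
  if (code === 'auth/invalid-email') return 'Enter a valid email address.';
  return 'Sign-in failed. Try again.';
}

// Interpret fetchSignInMethodsForEmail output: with protection enabled an empty
// array does not mean "no such account", so it is reported as unknown.
function interpretSignInMethods(methods) {
  return methods.length > 0 ? { known: true, methods } : { known: false, methods: [] };
}

// signIn is injected; in the app it would be
// (email, password) => signInWithEmailAndPassword(getAuth(), email, password).
async function login(signIn, email, password) {
  try {
    const credential = await signIn(email, password);
    return { ok: true, user: credential.user };
  } catch (err) {
    return { ok: false, message: messageForSignInError(err && err.code) };
  }
}

// Constructed stand-in for the SDK call so the example runs offline.
async function fakeSignIn(email, password) {
  if (email === 'user@example.com' && password === 'correct horse') {
    return { user: { email } };
  }
  throw Object.assign(new Error('sign-in failed'), { code: 'auth/invalid-credential' });
}
```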