firebase auth Given link is not a valid email link.

[Willham12]

We created an issue on react-native package and have found out that the apiKey is required on android but not on ios. The function isSignInWithEmailLink is not checking if an apiKey is provided. As you can see we are checking if the given email link is an signin email link before we are signin with email link.

Let me know if you need more questions.

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[mikehardy]

@Willham12 just a note - in react-native-firebase we implement - in javascript! - the same check that firebase-js-sdk performs, and it does not check for apiKey. We are not currently in our official implementation calling through to firebase-android-sdk's isSignInWithEmailLink method.

You state "As you can see we are checking if the given email link is an signin email link before we are signin with email link" but from a firebase-android-sdk perspective this is not completely correct since that method is not called.

However, I know you were testing a change to react-native-firebase where you did in fact call firebase-android-sdk's isSignInWithEmailLink - is that true? Does it verify the apiKey URL param or not?

[Willham12]

The firebase android sdk not checking if api key param is provided.

[lehcar09]

Hi @Willham12, I tried reproducing the behavior you raised and I wasn't able to encounter the issue. The isSignInWithEmailLink check fails, when the apiKey does not exist in the email link.

Could you share an MCVE and steps to reproduce and clarify the issue?

[Willham12]

What i do is to call this function with this example link: https://<domain>?mode=signIn&oobCode=${route.params.oobCode}
It return true but this function throws an error that the provided link is not an valid link. If i add the apiKey param to the link it not fails. On IOS it seems that the apiKey is not required. The function signInWithEmailLink without apiKey param not fails.

  String emailLink = "https://<domain>?mode=signIn&oobCode=<oobCode>";
  if (firebaseAuth.isSignInWithEmailLink(emailLink) {
     firebaseAuth.signInWithEmailLink("[email protected]", emailLink)
 }

[lehcar09]

The Firebase Native Android SDK does check for the apiKey in the email link.

com.google.firebase.quickstart.auth  I  Email Link: https://<PROJECT_ID>.firebaseapp.com/__/auth/links?link=https://<PROJECT_ID>.firebaseapp.com/__/auth/action?mode%3DsignIn%26oobCode%<SOME_OOBCODE>%26continueUrl%3Dhttps://<PROJECT_ID>.firebaseapp.com/%26lang%3Den
com.google.firebase.quickstart.auth  I  isSignInWithEmailLink: false

As mentioned in this comment .

@Willham12 just a note - in react-native-firebase we implement - in javascript! - the same check that firebase-js-sdk performs, and it does not check for apiKey. We are not currently in our official implementation calling through to firebase-android-sdk's isSignInWithEmailLink method.

This issue is best handled by the React Native Firebase team. That said, I'll be closing this issue now. Let me know if there's any misunderstanding so we can re-open the issue. Thanks!

[Willham12]

@lehcar09 can you please try with this link "https://google.com?mode=signIn&oobCode=testCode"?
in our case we are using not the link provided by auth package.

[mikehardy]

@Willham12 there appears to be a misunderstanding if you want firebase-android-sdk team to try that link. Why? Because they have already confirmed to you that they check if apiKey is in the link:

The Firebase Native Android SDK does check for the apiKey in the email link.

So your test will fail, and they have told you it will fail, on firebase-android-sdk.

In firebase-js-sdk and firebase-ios-sdk it will pass. This is a platform difference, but not something firebase-android-sdk needs to address per se. As they said, there is no issue here.

In react-native-firebase we need to check on android platform if apiKey is in the email link and fail if not