Firebase reset password link not working

Question

I am using firebase to authenticate users in my android app. I provide user an option to reset password in login window. When user click on button, it sends email successfully. However when user clicks on link, it always showing

"Try resetting your password again. Your request to reset your password has expired or the link has already been used"

Anyone knows where I'm Wrong ? I tried login with different email IDs from different devices. Still not working. I am using 'com.google.firebase:firebase-auth:9.2.0'.

UPDATE on 31 August 2016

I got in touch with firebase support and it looks like there was some bug with API key. If you change your browser API key, it was not getting updated. Now this bug is fixed and reset password function is working properly.

I just tested reset password and it is working as expected. I speculate the api key being used here is incorrect. I do not know why. The api key is appended to the reset password link '&apiKey=API_KEY'. Think of some change you may have made in the FIrebase console while configuring your project. I would start there. You could check the web auth snippet code. It has an api key in the app initialization. Try using the browser api key from that snippet with the one being appended to the reset password link. — bojeil
– bojeil, Commented Jul 4, 2016 at 21:54
@bojeil there was no such field for "API_KEY". Are we suppose to add API key field ? If yes , where ? In email template ? — Dexter
– Dexter, Commented Jul 5, 2016 at 5:59
Having the same issue here. I haven't touched the email templates. The link includes &apiKey=CORRECT_KEY at the end but that parameter does not appear in the template. — Travis
– Travis, Commented Jul 5, 2016 at 14:12
@TravisChristian Exactly, there is no field for api_key. And my template %LINK% value is "myappname.firebaseapp.com/__/auth/action" I have not modified anything there. I just added "reply to" email and changed name of sender in template. Rest of the settings is untouched. — Dexter
– Dexter, Commented Jul 5, 2016 at 14:32
@bojeil , yes. it is there. Link in the email look likes this. "https : // appname.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=someCharacters&apiKey=someCharacters " (space is added for readability) But whenever we click, you get message as reported in this question. — Dexter
– Dexter, Commented Jul 6, 2016 at 6:46

Travis · Accepted Answer · 2016-07-08 22:07:37Z

46

If you've listed any HTTP referrers for your app's API key in the Google API console, you need to include the app itself which is where the emails originate: <app-name>.firebaseapp.com. Otherwise this domain is not valid for your app's key.

edited Jul 8, 2016 at 22:07

answered Jul 8, 2016 at 20:01

Travis

2,4622 gold badges24 silver badges41 bronze badges

Sign up to request clarification or add additional context in comments.

6 Comments

Dexter Over a year ago

Hi, I just checked this. There are no HTTP referrers in any of my API key. Only constrain is with OAuth clients generated by Google Service has SHA1fingerprint. My server and android API keys are without any referrers.

Travis Over a year ago

Bummer. It was the definitely the issue in my case. Maybe you should check with Firebase support, since they indicated that they were looking into something but I'm not sure if this was the same thing.

vir us Over a year ago

Where do you include this info? I'm wondering through google api console but not getting what to do. A bit of guidance is much appreciated.

Travis Over a year ago

@virus Click the name of the key, scroll to the bottom, and find "HTTP referrers (web sites)"

vir us Over a year ago

Thanks @TravisChristian - now I see that. Mine is set to "unrestricted" so I guess my issue is different. Though if I try to update and set restriction it gives me an error: "The specified id (f8bba728-33bc-483c-8820-193641aff3b0) was not found. Tracking Number: c798503002" which I guess is somehow related to my error. Sent a request to support, hopefully they can help. If you have any ideas, your input is welcome!

|

Jaroslav Kardash · Accepted Answer · 2019-08-05 15:59:46Z

6

I had the same issue and solve it. But the protocol should be https.

And in the end of URL I have to add the /* as there will be token, api_key and other parameters added by firebase here.

https://Project ID.firebaseapp.com/* (I get my Project ID from the firebase console)

answered Aug 5, 2019 at 15:59

Jaroslav Kardash

611 silver badge3 bronze badges

1 Comment

LittleCornerDev Over a year ago

I think this may be the clearest answer because https://PROJECT-ID.firebaseapp.com/* is exactly what I had to enter to get it to work. Due to the wildcard instructions on the page, I had previously entered (*):PROJECT-ID.firebaseapp.com/*, but that still caused the always expired password reset emails.

tonnoz · Accepted Answer · 2021-02-01 18:50:27Z

3

This is how I solved, a slightly different approach from the top answer : First indeed check which API KEY is being used in the email link, in my case was the PROD one even if I was starting the project with the DEV(unrestricted) one.

The most important thing: it's not enough to add <app-name>.firebaseapp.com. in the Website restrictions section of your API KEY : you need to add the fully qualified domain including https: https://<app-name>.firebaseapp.com. This solved the issue for me.

answered Feb 1, 2021 at 18:50

tonnoz

5065 silver badges15 bronze badges

Comments

Bradley Thomas · Accepted Answer · 2019-03-10 20:23:25Z

2

I discovered what the issue was in my case...

For me, it had nothing to do with the credentials settings. It was simply that under Authentication/Sign-in method in the Console, I had Email/Password provider disabled. Once I turned that on, reset email links began working properly again.

answered Mar 10, 2019 at 20:23

Bradley Thomas

4,1076 gold badges36 silver badges58 bronze badges

Comments

Alexey · Accepted Answer · 2016-10-20 08:55:29Z

1

Temporarily I've solved the issue by leaving only one unrestricted API key at Google API Console

answered Oct 20, 2016 at 8:55

Alexey

4,5391 gold badge31 silver badges37 bronze badges

Comments

Dody · Accepted Answer · 2022-04-14 18:14:30Z

1

I was able to fix it just by removing my current firebase app and creating a new one.

answered Apr 14, 2022 at 18:14

Dody

6889 silver badges22 bronze badges

Comments

Vasil Garov · Accepted Answer · 2022-10-11 06:38:55Z

1

For users using API restrictions for their keys

The most upvoted answers didn't help me because I already used API restrictions for my key for security reasons. This means I cannot have HTTP referrers and API restrictions at the same time. At least it didn't work for me. After checking my API usage dashboard I realized that the API that's being used for signing up is called Identity Toolkit. I added it to the restricted APIs and it worked!

answered Oct 11, 2022 at 6:38

Vasil Garov

4,9501 gold badge29 silver badges38 bronze badges

Comments

technophyle · Accepted Answer · 2016-09-06 02:43:32Z

0

I also experienced the same issue, and for me, the cause was sending multiple password reset emails, and I got only the first one.

Make sure you send the reset password email just once or if you did it multiple times, wait for the multiple emails to arrive and use the latest email.

answered Sep 6, 2016 at 2:43

technophyle

9,3677 gold badges34 silver badges52 bronze badges

1 Comment

user12021836 Over a year ago

is there a way that old email also can be used to verify the email address ?

Andres Calfulaf · Accepted Answer · 2020-08-18 20:10:09Z

0

I was able to fix it by removing the Link option from the email (access without password)enter image description here

answered Aug 18, 2020 at 20:10

Andres Calfulaf

1

Comments

Sebastian Gravina · Accepted Answer · 2023-02-09 21:49:13Z

0

In my case the solution was going to Firebase Console, Authentication and then enabling Email/Password as a provider

answered Feb 9, 2023 at 21:49

Sebastian Gravina

1

Collectives™ on Stack Overflow

Firebase reset password link not working

10 Answers 10

6 Comments

1 Comment

Comments

Comments

Comments

Comments

Comments

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

10 Answers 10

6 Comments

1 Comment

Comments

Comments

Comments

Comments

Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related