Firebase Auth is no longer working in incognito mode #3004

Closed
opolo opened this issue May 1, 2020 · 50 comments
@opolo

opolo commented May 1, 2020

[REQUIRED] Describe your environment

  • Operating System version: Windows 10
  • Browser version: Version 81.0.4044.129 (Official Build) (64-bit)
  • Firebase SDK version: 7.13.1
  • Firebase Product: auth

[REQUIRED] Describe the problem

Multiple of our users have reported that they are no longer able to log in and use our product... After some investigation, it seems to happen for all the users who access our platform in incognito mode.

It seems to no longer be possible to use the firebase auth SDK in Google Incognito mode. The exact same users can log in with the exact same credentials or SSO integrations through firebase in non-incognito.

Steps to reproduce:

If users try to use firebase authentication on our platform in incognito mode, the error:
{code: "auth/web-storage-unsupported", message: "This browser is not supported or 3rd party cookies and data may be disabled.", a: null}
is thrown from the SDK.

I believe it potentially can be an issue in a newer Chrome update, as I know Google has been experimenting with having Chrome block 3rd Party Cookies (I believe they experimented with it in version 83 of Chrome, which I am not using though).

@avolkovi
Contributor

@opolo which sign in method and provider are you using? We are aware that popup-based sign-ins in particular require localStorage and will not work when it is disabled. As a potential workaround you can try signing in directly with the provider (Google, Facebook, etc) using their SDK and then signing into Firebase using signInWithCredential().

@google-oss-bot
Contributor

Hey @opolo. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

@brianmhunt

I just started getting this error with Google Chrome 83 today, trying to sign in via a Google account while in Incognito mode.

image

@tmcf

tmcf commented May 28, 2020

Just updated to Chrome Version 83.0.4103.61 (Official Build) (64-bit)
Our firebase auth integration no longer appears to work..investigating.
This is not in incognito mode.

Still works with Chrome Canary Version 85.0.4157.4 (Official Build) canary (64-bit), Firefox, and Safari.

Update: Clearing Site Data instantly allowed Firebase Auth UI to appear correctly. Not sure of the specific cause. Sorry for the issue noise. Cheers.

@opolo
Author

opolo commented May 30, 2020

@avolkovi it was one of our users that faced this issue; I do not believe I can get the information again. Perhaps the comments by @brianmhunt or @tmcf help.

@raineorshine

Also getting this error after upgrading to Chrome 83.0.4103.61 (OSX).

  • Firebase v4.12.0
  • GoogleAuthProvider
  • signInWithRedirect
  • incognito mode

@mparizeau-pdftron

Also getting this issue after updating to Chrome 83. It had been working consistently in incognito mode before that. Same error message as @brianmhunt

{
  "code": "auth/web-storage-unsupported",
  "message": "This browser is not supported or 3rd party cookies and data may be disabled."
}

@ManiDoraisamy

> Also getting this issue after updating to Chrome 83. It had been working consistently in incognito mode before that. Same error message as @brianmhunt
>
> {
>   "code": "auth/web-storage-unsupported",
>   "message": "This browser is not supported or 3rd party cookies and data may be disabled."
> }

Same problem with my app. It happens in incognito mode randomly and for some users it is consistent.

@MrCoder

MrCoder commented Jun 18, 2020

This is happening to my app - https://app.zenuml.com . For myself, it is consistent on Chrome - Version 83.0.4103.106 (Official Build) (64-bit). Haven't heard anything from our users.

It works fine on Chrome Canary Version 85.0.4175.0 (Official Build) canary (64-bit). So I am not sure if it is the browser's issue or not.

@schmidt-sebastian
Contributor

Sorry, I think this may have been closed by mistake. Re-opening.

@jesselve

If you change the Chrome browser cookie settings from the default value of "Block third-party cookies in Incognito" to "Allow all cookies", Google authentication then succeeds in Chrome incognito:
image

(Not that this should be a work-around, of course -- just as additional information for the issue.)

Note also that once all cookies have been allowed, authentication then triggers console warnings regarding a missing 'SameSite' attribute:
image

@TheOtherJFK

I'm also having this issue only in Chrome in Incognito:

  • Version 83.0.4103.116 (Official Build) (64-bit)
  • MacOS 10.15.5 (19F101)

Happy to provide more info to debug if needed.

@vggarg96

Any solutions?? I am facing the same issues

@ManiDoraisamy

ManiDoraisamy commented Jun 29, 2020

> Any solutions?? I am facing the same issues

I am facing the same issue intermittently. But if I log in using this sample app - https://fir-ui-demo-84a6c.firebaseapp.com/ and try logging in to my app, it seems to work. You can use this as a workaround if it happens occasionally.

@vggarg96

> > Any solutions?? I am facing the same issues
>
> I am facing the same issue intermittently. But if I log in using this sample app - https://fir-ui-demo-84a6c.firebaseapp.com/ and try logging in to my app, it seems to work. You can use this as a workaround if it happens occasionally.

I am able to login normally but not in incognito mode

@scottcrossen
Contributor

scottcrossen commented Jun 29, 2020

I deleted my previous comment. I will try to give this issue more light

@curiouscod3

chrome://settings/cookies?search=allow+all

Allow All Cookies !

@jesselve

jesselve commented Jul 8, 2020

(Repeating my previous comment that changing the client browser settings to "allow all" -- or per the comment of @curiouscod3 -- is NOT an acceptable work-around. We cannot expect our users to make this kind of change in their browsers.)

@seki2020

Hi folks, Hope this can help. It is an alternative solution that was being used in my company's project.

To make the app work again, you have to create a new custom AUTH URL with the DOMAIN which you are using.
In other words, the domain of the new auth URL must be equivalent to the domain of your current web app.
That can solve all the problems, including the SameSite issue.

So how to change the auto-provision auth URL of firebase?
All steps were listed in the document.
See Customizing the redirect domain for Google sign-in

I was inspired by this post This browser is not supported or 3rd party cookies and data may be disabled.
Thanks @bpetetot

@bojeil-google
Contributor

You may have already noticed this but we had already fixed the popup flow for browsers with 3P cookies disabled. You should be able to use it without updating the SDK. As for the redirect flow, it is still a work in progress. For now, you may have to fall back on the popup flow for browsers with 3P cookies disabled.

@veeralpatel

veeralpatel commented Apr 14, 2021

@bojeil-google We have implemented workaround 2 mentioned here and are still experiencing issues with the idpiframe_initialization_failed error being thrown on load. The Google account selection pop-up shows up but the data-onsuccess callback when sign in is complete is not thrown.

Is there another workaround you recommend before biting the bullet and implementing server-side Auth 2.0 flow?

@GorvGoyl

GorvGoyl commented Sep 15, 2021

@avolkovi could you confirm if updating the custom domain of cookie will fix the auth flow when 3rd party cookie is disabled? even if project is not using firebase hosting? Just want to make sure before investing time in custom domain implementation.

@avolkovi
Contributor

@sam-gc can you provide our latest guidance?

avolkovi assigned sam-gc and unassigned avolkovi Sep 15, 2021

@sam-gc
Contributor

sam-gc commented Sep 15, 2021

@GorvGoyl we don't actually use cookies, it's just that the machinery that blocks third-party cookies in incognito also prevents certain features that we do make use of. What fix are you specifically looking at? Incognito mode should now work for signInWithPopup.

@GorvGoyl

GorvGoyl commented Sep 15, 2021

@sam-gc thanks for the clarification on cookies part. I was actually using signInWithRedirect (Firebase: ^8.9.1) which was causing auth issue. signInWithPopup is working fine in incognito mode.

@andrewhamili

Hi, for everyone that experienced this problem, just switch on the third party cookies for the incognito session and this will be resolved. :D

@igorsilveriocosta

I think that a workaround for this problem is to use signInWithPopup only when in incognito mode on Chrome, and signInWithRedirect when not in incognito mode. Is there a way for us to make the same test that the Firebase SDK makes to throw auth/web-storage-unsupported, to select the way our users will do Google login? I didn't find an easy solution looking in the Firebase source code.

@andrewhamili

On the blank incognito page, there is a slider for 3rd party cookies. You should enable third party cookies in order for the firebase auth to work.

@joel-moonlight

> I think that a workaround for this problem is to use signInWithPopup only when in incognito mode on Chrome, and signInWithRedirect when not in incognito mode. Is there a way for us to make the same test that the Firebase SDK makes to throw auth/web-storage-unsupported, to select the way our users will do Google login? I didn't find an easy solution looking in the Firebase source code.

Yeah that would be great. I've tried detecting incognito mode for this exact reason, but this is not as easy as it looks: turns out incognito is made with the aim of not being easily detectable itself. Being able to directly test the firebase functionality that throws an error on incognito sure would be an ideal solution. Let us know if you find something @igorsilveriocosta !

@andrewhamili We can not ask our users to do that

@andrewhamili

@joel-moonlight this is not a restriction of Firebase but a restriction of the browser. I think it is on Google Chrome only. I do not know whether other browsers are also disabling 3rd party cookies in a browser mode similar to Google Chrome's incognito.

I think there is no fix or workaround that the firebase team can offer.

PS: I haven't tried if using signInWithPopup might do some trick as advised by @igorsilveriocosta

@joel-moonlight

> I haven't tried if using signInWithPopup might do some trick as advised by @igorsilveriocosta

It does, hence our messages.

@andrewhamili

@joel-moonlight well, that's good. But I think signInWithPopup won't work with webviews. It does not work on the in-app browser of the Messenger app.

@joel-moonlight

That's why we want to use it only when signInWithRedirect won't work, hence our messages.
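
The redirect-first, popup-on-failure fallback discussed in the comments above, as an added example (not Firebase SDK code and not posted by any commenter). It assumes the SDK rejects `signInWithRedirect` or `getRedirectResult` with the `auth/web-storage-unsupported` code quoted in this issue; `createSignIn` and `makeFakeAuth` are hypothetical names.

```javascript
// Added example, not Firebase SDK code. `auth` is any object exposing the
// signInWithRedirect / signInWithPopup / getRedirectResult methods of the v8 API.
const STORAGE_BLOCKED = "auth/web-storage-unsupported"; // code quoted in this issue

function createSignIn(auth, provider) {
  let usePopup = false; // in-memory only: web storage may be the thing that is blocked
  const isBlocked = (err) => Boolean(err) && err.code === STORAGE_BLOCKED;

  return {
    // Run once on page load to collect the outcome of a redirect round trip.
    async checkRedirect() {
      try {
        const result = await auth.getRedirectResult();
        return { user: result ? result.user : null, usePopup };
      } catch (err) {
        if (!isBlocked(err)) throw err; // unrelated failures stay visible
        usePopup = true;
        return { user: null, usePopup };
      }
    },
    // Run from the sign-in button's click handler so a popup is user-initiated.
    async signIn() {
      if (!usePopup) {
        try {
          await auth.signInWithRedirect(provider);
          return { flow: "redirect", user: null }; // page is navigating away
        } catch (err) {
          if (!isBlocked(err)) throw err;
          usePopup = true; // assumption: the SDK rejects here with the code above
        }
      }
      const result = await auth.signInWithPopup(provider);
      return { flow: "popup", user: result.user };
    },
  };
}

// Constructed stand-in for the SDK so the logic runs offline.
function makeFakeAuth(storageBlocked) {
  const fail = () => Promise.reject({ code: STORAGE_BLOCKED });
  return {
    getRedirectResult: () => (storageBlocked ? fail() : Promise.resolve({ user: null })),
    signInWithRedirect: () => (storageBlocked ? fail() : Promise.resolve()),
    signInWithPopup: () => Promise.resolve({ user: { uid: "constructed-uid" } }),
  };
}
```

Only the one storage-related code triggers the popup path; any other rejection is rethrown, so a genuine sign-in failure is not silently retried through a second flow.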

@veniplex

veniplex commented Jan 3, 2023

As I can verify in my own environment this issue still exists... Is there any idea on how to solve this and is there a timeline for it? It might be good to include a note about this behaviour in the firebase documentation because this issue has now existed for nearly 3 years...

@prameshj
Contributor

prameshj commented Jan 3, 2023

> As I can verify in my own environment this issue still exists... Is there any idea on how to solve this and is there a timeline for it? It might be good to include a note about this behaviour in the firebase documentation because this issue has now existed for nearly 3 years...

The options listed in https://firebase.google.com/docs/auth/web/redirect-best-practices apply to this issue as well.

@prameshj
Contributor

prameshj commented Jan 3, 2023

Closing since it is a duplicate of #6716

prameshj closed this as completed Jan 3, 2023

firebase locked and limited conversation to collaborators Feb 3, 2023