I'm clicking on the verification links immediately after getting the verification mail, but still the answer is only:
Try verifying your email again Your request to verify your email has expired or the link has already been used
The current code to send off the verification mail looks like this and is run right after the registration.
firebase.auth().onAuthStateChanged(function(user) {
user.sendEmailVerification();
});
And the required firebase scripts are included like this:
<script src=".6.1/firebase.js"></script>
<script>
function init(){
var config = {
apiKey: "<asdf>",
authDomain: "<asdf>.firebaseapp",
databaseURL: "<asdf>.firebaseio"
};
firebase.initializeApp(config);
}
</script>
<script src=".6.1/firebase-app.js"></script>
<script src=".6.1/firebase-auth.js"></script>
<script src=".6.1/firebase-database.js"></script>
And Email/Password is enabled as a sign-in method. I compared the setup with another Firebase project that has working verifications mails and can't find a difference.
Anyone have an idea what could be the issue?
I'm clicking on the verification links immediately after getting the verification mail, but still the answer is only:
Try verifying your email again Your request to verify your email has expired or the link has already been used
The current code to send off the verification mail looks like this and is run right after the registration.
firebase.auth().onAuthStateChanged(function(user) {
user.sendEmailVerification();
});
And the required firebase scripts are included like this:
<script src="https://www.gstatic.com/firebasejs/3.6.1/firebase.js"></script>
<script>
function init(){
var config = {
apiKey: "<asdf>",
authDomain: "<asdf>.firebaseapp.com",
databaseURL: "<asdf>.firebaseio.com"
};
firebase.initializeApp(config);
}
</script>
<script src="https://www.gstatic.com/firebasejs/3.6.1/firebase-app.js"></script>
<script src="https://www.gstatic.com/firebasejs/3.6.1/firebase-auth.js"></script>
<script src="https://www.gstatic.com/firebasejs/3.6.1/firebase-database.js"></script>
And Email/Password is enabled as a sign-in method. I compared the setup with another Firebase project that has working verifications mails and can't find a difference.
Anyone have an idea what could be the issue?
Share Improve this question edited Dec 14, 2016 at 15:20 Frank van Puffelen 599k84 gold badges888 silver badges858 bronze badges asked Dec 14, 2016 at 14:43 wantanwantan 2212 silver badges8 bronze badges 3- 1 Possible duplicate of Firebase reset password link not working – Travis Commented Dec 14, 2016 at 15:18
- 1 This worked in my case: stackoverflow.com/a/38274531/213156 – Travis Commented Dec 14, 2016 at 15:19
- Thanks, that worked! – wantan Commented Dec 14, 2016 at 15:43
6 Answers
Reset to default 10The answer is here: stackoverflow.com/a/38274531/213156 Thanks a lot, Travis Christian!
If you've listed any HTTP referrers for your app's API key in the Google API console, you need to include the app itself which is where the emails originate: [app-name].firebaseapp.com. Otherwise this domain is not valid for your app's key."
If you have multiple apiKeys you may want to check this.
I had multiple apiKeys. I was using each of them for different client applications.
As mentioned in other answers, the email verification link includes an apiKey. In my case that apiKey was different from the one I used for the specific client application.
So, the solution was figuring out which apiKey is sent in the email verification and adding <app-name>.firebaseapp.com in the Application Restrictions > HTTP reference.
I wasted several hours, and it ruined my demo to a customer. Hopefully this solution saves someone else time and $
It is obvious the error message is very vague. Pretty much any answer here may lead you to a solution. So, be patient, get a coffee, and see which one applies to your case. I am saying all these because I got burned and stressed out for hours, hopefully you don't have to.
Summary:
If you have multiple apiKeys and you are doing Application Restrictions with HTTP reference, make sure <app-name>.firebaseapp.com is added to each apiKey.
Be sure your Sign-in providers have email and password Provider
If someone still looking for answer!
If you have restricted your API key, then select Firebase Dynamic Links API from dropdown to allow dynamic links. Firebase sends dynamically generated links in the email and you should allow that.
In case anyone else runs into this issue too, my problem was that I hadn't selected a support email. Selecting one fixed it for me.
This is how I solved, a slightly different approach from what others suggest : First indeed check which API KEY is being used in the email link, in my case was the PROD one even if I was starting the project with the DEV(unrestricted) one.
The most important thing: it's not enough to add <app-name>.firebaseapp.com. in the Website restrictions section of your API KEY : you need to add the fully qualified domain including https: https://<app-name>.firebaseapp.com. This solved the issue for me.