When Firebase authentication is not working, systematically check these common causes: the sign-in provider is not enabled in the Firebase Console, your API key is restricted or incorrect, the authorized domains list is missing your domain, onAuthStateChanged is not being used to wait for auth initialization, or your Firebase config object has incorrect values. This tutorial provides a step-by-step debugging checklist that resolves the most frequent Firebase Auth failures.
Debugging Firebase Authentication When It Stops Working
Firebase Auth failures can stem from configuration issues, timing bugs, or provider misconfigurations. This tutorial walks through a systematic debugging checklist covering every common cause of auth failures, from incorrect config objects to race conditions with onAuthStateChanged. Each step includes the exact error message you might see and how to resolve it.
Prerequisites
- A Firebase project with Authentication set up
- The firebase npm package installed (v9 or later)
- Access to the Firebase Console for your project
- Your app's Firebase config object
Step-by-step guide
Verify the sign-in provider is enabled in the Console
Verify the sign-in provider is enabled in the Console
The most common reason authentication fails is that the sign-in method is not enabled. Go to Firebase Console > Authentication > Sign-in method and confirm the provider you are using (Email/Password, Google, GitHub, etc.) shows as 'Enabled'. If you are using OAuth providers like Google or GitHub, you also need to configure the client ID and secret from the provider's developer console. Without enabling the provider, Firebase returns auth/operation-not-allowed.
1// This error means the provider is not enabled:2// FirebaseError: Firebase: Error (auth/operation-not-allowed)34// Fix: Go to Firebase Console > Authentication > Sign-in method5// Click the provider and toggle 'Enable' to onExpected result: The sign-in provider shows as Enabled in the Firebase Console Sign-in method tab.
Check your Firebase config object for errors
Check your Firebase config object for errors
A wrong or incomplete config object silently breaks authentication. Go to Firebase Console > Project Settings (gear icon) > General > Your apps and copy the exact config. Compare it with the config in your code. The most common mistakes are using the config from a different project, missing the authDomain field, or having a typo in the apiKey. Every field must match exactly.
1import { initializeApp } from 'firebase/app'2import { getAuth } from 'firebase/auth'34// Copy this exactly from Firebase Console > Project Settings5const firebaseConfig = {6 apiKey: 'AIzaSy...', // Must match your project7 authDomain: 'your-project.firebaseapp.com',8 projectId: 'your-project',9 storageBucket: 'your-project.appspot.com',10 messagingSenderId: '123456789',11 appId: '1:123456789:web:abc123'12}1314const app = initializeApp(firebaseConfig)15const auth = getAuth(app)Expected result: Firebase initializes without errors and getAuth() returns a valid Auth instance.
Add your domain to the authorized domains list
Add your domain to the authorized domains list
Firebase Auth only works on domains listed in the authorized domains. Go to Firebase Console > Authentication > Settings > Authorized domains. Localhost is included by default for development. For production, add your custom domain. If you are testing from a non-standard port or a deployed URL that is not listed, auth operations will fail with auth/unauthorized-domain.
1// This error means your domain is not authorized:2// FirebaseError: Firebase: Error (auth/unauthorized-domain)34// Fix: Firebase Console > Authentication > Settings > Authorized domains5// Add: your-app.vercel.app (or your custom domain)Expected result: Your app's domain appears in the authorized domains list and auth operations work from that domain.
Wait for auth initialization with onAuthStateChanged
Wait for auth initialization with onAuthStateChanged
Firebase Auth loads asynchronously. If you check currentUser immediately after page load, it may be null even if the user is signed in. The auth state needs time to initialize from the persisted session. Always use onAuthStateChanged to wait for the auth state to resolve before making decisions about whether the user is logged in.
1import { getAuth, onAuthStateChanged } from 'firebase/auth'23const auth = getAuth()45// WRONG: currentUser may be null during initialization6console.log(auth.currentUser) // Often null on page load78// CORRECT: Wait for auth state to initialize9onAuthStateChanged(auth, (user) => {10 if (user) {11 console.log('User is signed in:', user.uid)12 } else {13 console.log('User is signed out')14 }15})Expected result: The auth state is correctly detected after initialization, and signed-in users are recognized.
Check the browser console for specific error codes
Check the browser console for specific error codes
Firebase Auth provides specific error codes that tell you exactly what went wrong. Catch errors from auth operations and log the error.code property. Common codes include auth/wrong-password, auth/user-not-found, auth/too-many-requests, auth/network-request-failed, and auth/popup-closed-by-user. Each code has a specific fix.
1import { signInWithEmailAndPassword } from 'firebase/auth'23try {4 await signInWithEmailAndPassword(auth, email, password)5} catch (error: any) {6 switch (error.code) {7 case 'auth/user-not-found':8 console.log('No account exists with this email')9 break10 case 'auth/wrong-password':11 console.log('Incorrect password')12 break13 case 'auth/too-many-requests':14 console.log('Too many failed attempts. Try again later.')15 break16 case 'auth/network-request-failed':17 console.log('Network error. Check your connection.')18 break19 case 'auth/invalid-credential':20 console.log('Email or password is incorrect')21 break22 default:23 console.log('Auth error:', error.code, error.message)24 }25}Expected result: Error codes are caught and displayed, pointing to the specific cause of the auth failure.
Verify API key restrictions are not blocking auth
Verify API key restrictions are not blocking auth
If you restricted your API key in the Google Cloud Console, authentication may fail silently. Go to Google Cloud Console > APIs & Services > Credentials, find your Firebase API key, and check the restrictions. For Firebase Auth to work, the key must have access to the Identity Toolkit API and Token Service API. If you set HTTP referrer restrictions, make sure your domain is included.
1// Symptoms of API key restriction issues:2// - signInWithPopup opens but immediately closes3// - signInWithEmailAndPassword returns auth/api-key-not-valid4// - Network tab shows 403 on identitytoolkit.googleapis.com56// Fix in Google Cloud Console > Credentials > API Keys:7// 1. Click your Firebase API key8// 2. Under API restrictions, ensure these APIs are allowed:9// - Identity Toolkit API10// - Token Service API11// - Firebase Installations API12// 3. Under Application restrictions, add your domainsExpected result: API key restrictions allow Firebase Auth APIs and your app's domain.
Complete working example
1import {2 getAuth,3 onAuthStateChanged,4 signInWithEmailAndPassword,5 GoogleAuthProvider,6 signInWithPopup,7 User,8} from 'firebase/auth'910const auth = getAuth()1112export function waitForAuth(): Promise<User | null> {13 return new Promise((resolve) => {14 const unsubscribe = onAuthStateChanged(auth, (user) => {15 unsubscribe()16 resolve(user)17 })18 })19}2021export async function safeEmailSignIn(22 email: string,23 password: string24): Promise<{ user?: User; error?: string }> {25 try {26 const { user } = await signInWithEmailAndPassword(auth, email, password)27 return { user }28 } catch (err: any) {29 const messages: Record<string, string> = {30 'auth/user-not-found': 'No account found with this email.',31 'auth/wrong-password': 'Incorrect password.',32 'auth/invalid-credential': 'Email or password is incorrect.',33 'auth/too-many-requests': 'Too many attempts. Please wait and try again.',34 'auth/network-request-failed': 'Network error. Check your connection.',35 'auth/operation-not-allowed': 'Email/password sign-in is not enabled.',36 'auth/unauthorized-domain': 'This domain is not authorized for auth.',37 }38 return { error: messages[err.code] || `Auth error: ${err.code}` }39 }40}4142export async function safeGoogleSignIn(): Promise<{ user?: User; error?: string }> {43 try {44 const provider = new GoogleAuthProvider()45 const { user } = await signInWithPopup(auth, provider)46 return { user }47 } catch (err: any) {48 if (err.code === 'auth/popup-closed-by-user') {49 return { error: 'Sign-in popup was closed.' }50 }51 return { error: `Google sign-in error: ${err.code}` }52 }53}Common mistakes when fixing Firebase Authentication Not Working
Why it's a problem: Checking auth.currentUser on page load instead of waiting for onAuthStateChanged
How to avoid: Always use onAuthStateChanged to wait for auth initialization. currentUser is null until the persisted session loads, which takes a few hundred milliseconds.
Why it's a problem: Using the Firebase config from a different project or environment
How to avoid: Copy the config directly from Firebase Console > Project Settings > Your apps. Compare every field with what is in your code.
Why it's a problem: Not enabling the sign-in provider in the Firebase Console before using it in code
How to avoid: Go to Authentication > Sign-in method and enable each provider you use. For OAuth providers, also configure the client ID and secret.
Why it's a problem: Restricting the API key too aggressively in Google Cloud Console
How to avoid: Ensure your API key allows the Identity Toolkit API and Token Service API. Add your app's domains to the HTTP referrer restrictions.
Best practices
- Always use onAuthStateChanged to detect the initial auth state instead of reading currentUser directly
- Catch and handle specific error codes from auth operations to provide clear feedback to users
- Keep your Firebase config in environment variables and verify they match the Console values
- Add all production and staging domains to the authorized domains list in Firebase Console
- Test authentication in an incognito window to rule out browser extension interference
- Check the browser network tab for failed requests to identitytoolkit.googleapis.com for API-level debugging
- Log auth errors with the error.code property, not just error.message, for consistent debugging
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
Firebase authentication is not working in my React app. Sign in with email and password fails silently, and currentUser is always null. Give me a debugging checklist and show me how to properly wait for auth initialization with onAuthStateChanged and handle specific error codes.
Debug my Firebase Auth setup. Create a helper function that waits for auth initialization with onAuthStateChanged, wraps signInWithEmailAndPassword with proper error handling for all common error codes, and returns user-friendly error messages.
Frequently asked questions
Why does auth.currentUser return null even though I am signed in?
Firebase Auth loads the persisted session asynchronously. On page load, currentUser is null until initialization completes (200-500ms). Use onAuthStateChanged to wait for the auth state to resolve.
What does auth/operation-not-allowed mean?
This error means the sign-in method is not enabled in the Firebase Console. Go to Authentication > Sign-in method and enable the provider you are trying to use.
Why does Google sign-in work in development but not in production?
Your production domain is likely not in the authorized domains list. Go to Firebase Console > Authentication > Settings > Authorized domains and add your production URL.
How do I debug auth issues on mobile devices?
Use remote debugging (Chrome DevTools for Android, Safari Web Inspector for iOS) to view console errors. On mobile, popup-based sign-in may fail due to popup blockers. Use signInWithRedirect instead.
Can Firebase Auth work without an internet connection?
Firebase Auth caches the user session locally. A previously signed-in user remains authenticated offline. However, new sign-in and sign-up operations require an internet connection.
Can RapidDev help troubleshoot complex Firebase Auth issues?
Yes, RapidDev's engineering team can diagnose and fix Firebase Auth problems including OAuth configuration, session management, and custom authentication flows.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation