passwordless email sign-in link is hidden on repeat sendings #2574

Closed
ultraGentle opened this issue Jan 25, 2020 · 22 comments

@ultraGentle

[REQUIRED] Describe your environment

  • Operating System version: Mac OS 10.15
  • Browser version: Chrome, latest
  • Firebase SDK version: Javascript 7.7.0
  • Firebase Product: auth

[REQUIRED] Describe the problem

Steps to reproduce:

  1. Send a passwordless "sign in via email link" to a Gmail address.

  2. Sign out.

  3. Sign in again via the same method to generate a second email from the same app.

  4. The problem: The sign-in link is hidden within the ... portion of the message that truncates repeated text. As I have been testing sign-in flow for my app, users are confused and think the link is missing.

In that regard, passwordless auth is not working as intended -- obeying the letter of the law, but not the spirit, if you will. Even though the link is being sent and functions correctly, it appears broken to users whose email clients auto-truncate repeated text.

Relevant Code:

 firebase.auth().signInWithEmailLink 

Solutions: since we can't control the behavior of the email client, I believe this is easily solvable via one of two methods.

  1. (Best) Add a random string or serial number to the email subject so that it's not lumped together in the same thread as other sign-in emails from the same app. This avoids the problem completely. Example subject: Sign-in link from MyNotBrokenApp, reference code G-718245. (Note that the number would change each time.) The "reference code" here is meaningless, but people are used to seeing such things from two-factor authentication text messages and the like.

  2. (conditionally okay) Keep the subject, but add a random string or serial no. after the link in the body of the message, so that the link is still displayed. This presents slightly more cleanly, but has the disadvantage that "smart" email truncation systems (like Gmail's) actually will truncate the middle of a message if it's quoted/repeated. I've tested that, and the behavior is tricky to predict. It seems like there's some threshold for how much needs to be different for Gmail to not ... it.

Anyway, it's a shame, because passwordless auth is so much smoother to implement and maintain in many regards, but if users jump ship from my app because the sign in flow is opaque (through email clients' well-intentioned filters), it's self defeating.

Happy to elaborate or help in any way I can. Thanks for considering this!

@bojeil-google
Contributor

Hey @ultraGentle, since this is an Auth server-related behavior, can you file an issue with Firebase support so this can be routed to the right owners? Thanks.

@ultraGentle
Author

Done, thanks for the suggestion.

@rommelpe

Tracked internally (b/148360318)

@ultraGentle
Author

Is there a way to be notified if/when an issue not on Github is addressed?

I understand there are release notes, but it's easy to miss an update to one small feature like this that's nevertheless critical for my workflow.

Just checking, thanks.

@rommelpe

I myself will keep you posted on this thread as soon as any information becomes available. However, I may not be able to provide you with any specifics as to when it will be released. Thanks!

@ultraGentle
Author

Thank you! I don't expect any timeline, and I appreciate your keeping me informed.

@ultraGentle
Author

@rommelpe just wanted to check in to see whether this has been addressed / recognized by the Firebase team.

No expectations, but a question: is there a recommended way of dealing with it until a fix is released? I feel like this must affect a lot of people, not just me, so I'm wondering if there's a clever workaround. Or maybe passwordless auth is just off the table for the time being.

I wish this were an open source part of the Firebase project -- I'd be glad to submit the "add a random number" PR. Cheers, and thanks!

@pointmdca

I raised a bug/issue with Firebase; they got back to me stating that this isn't the first time they have heard of it. They added it to their backlog but did not provide a timeline - I was advised to keep an eye on the Firebase release notes to see if a fix comes out.

@ultraGentle
Author

@pointmdca Thanks for chiming in. Out of curiosity, did you implement a workaround, or are you planning to wait for a fix?

@pointmdca

@ultraGentle I looked into a workaround but that would require setting up some form of custom authentication and I couldn't be bothered at this time (maybe later if this takes way too long to fix). I also considered using Twilio, but ultimately just stuck with email/password until it gets fixed.

@ultraGentle
Author

@rommelpe Would it be possible to list this issue b/148360318 on https://issuetracker.google.com/ so that those interested can subscribe to it there directly?

@lucaventura

@rommelpe any updates on this?

@ilanyehez

We are also experiencing this issue; it's a really bad usability issue that affects many of our users. And we can't do anything about it. We are trying to make the users send only one email because when they receive two emails or more it's game over, they can't find the correct sign-in link. But it's a bad solution; we can't hold them from accidentally pressing the send button twice.
So, are there any solutions for this? Any ideas?

@Vilmir

Vilmir commented Jan 5, 2023

Reactivating an old topic, this issue still hurts the usability of my app based on Firebase authentication.
Any update/idea on how to fix this?

@prameshj
Contributor

prameshj commented Jan 9, 2023

Pinged the internal thread about this, will post back any updates here. Thanks!

@ultraGentle
Author

ultraGentle commented Jan 9, 2023

@prameshj Thanks for checking. Since my original post was somewhat wordy, I'll just reiterate:

Something as simple as adding a timestamp to the subject line should be enough to prevent this.

Fingers crossed!

@prameshj
Contributor

prameshj commented Jan 9, 2023

> Something as simple as adding a timestamp to the subject line should be enough to prevent this.

+1, That is my proposal too.

@ultraGentle
Author

@prameshj Did they ever get back to you?

@prameshj
Contributor

prameshj commented Feb 6, 2023

Thank you for the reminder! I have reached out again. We are unable to provide a timeline for the fix, but I will update this thread as we hear any update on the bug.

@thuytrinh

@prameshj Any update so far? That is a real bummer. We got a bunch of reports of users clicking the stale sign-in links because the latest email was hidden.

@prameshj
Contributor

prameshj commented Jun 5, 2023

We are working on adding the timestamp field to the subject/template.

DellaBitta added the bug label Jun 7, 2023
sam-gc assigned prameshj and unassigned sam-gc Jul 17, 2023

@prameshj
Contributor

The email sign-in link is now generated with a timestamp in the subject and body in a subset of languages; see https://firebase.google.com/docs/auth/web/email-link-auth#default-email

For more customization, it is possible to just get the link from sendOobCode by setting returnOobLink to true and send the email through other methods (instead of using the Firebase Auth template).
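
One way to apply the unique-subject proposal from this thread when you send the email yourself, as the comment above describes (an added example, not Firebase's code or template). The allow-listed host, the sample link and the function names are assumptions; obtaining the link and delivering the mail are left to your own backend.

```javascript
// Uses Web Crypto: the global in browsers and current Node, node:crypto's
// webcrypto otherwise.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Assumption: the only host your sign-in links should ever point to.
const ALLOWED_LINK_HOSTS = new Set(['example-app.firebaseapp.com']);

// Constructed sample link; the oobCode value is a placeholder, not a real code.
const SAMPLE_LINK =
  'https://example-app.firebaseapp.com/__/auth/action?mode=signIn&oobCode=CONSTRUCTED-CODE';

// Reference code in the "G-718245" style proposed in the issue. It is drawn
// independently of the link, so the subject line (visible in notifications
// and mail logs) reveals nothing about the one-time code.
function referenceCode() {
  const [a, b] = rng.getRandomValues(new Uint32Array(2));
  const letter = String.fromCharCode(65 + (a % 26));
  return `${letter}-${String(b % 1000000).padStart(6, '0')}`;
}

function buildSignInEmail({ appName, to, link, now = new Date() }) {
  const url = new URL(link); // throws on a malformed link
  if (url.protocol !== 'https:' || !ALLOWED_LINK_HOSTS.has(url.hostname)) {
    throw new Error('sign-in link points to an unexpected origin');
  }
  // Values that end up in mail headers must not carry CR/LF.
  for (const value of [appName, to]) {
    if (/[\r\n]/.test(value)) throw new Error('line break in header value');
  }
  const ref = referenceCode();
  const stamp = `${now.toISOString().slice(0, 19).replace('T', ' ')} UTC`;
  return {
    to,
    // Differs on every send, so repeat emails are not folded into one thread.
    subject: `Sign-in link from ${appName}, reference code ${ref} (${stamp})`,
    text: [
      `Use this link to sign in to ${appName}:`,
      '',
      link,
      '',
      `Requested ${stamp}. Reference code ${ref}.`,
      'If you asked for more than one link, use the newest email.',
    ].join('\n'),
  };
}
```
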

firebase locked and limited conversation to collaborators Dec 21, 2023