Skip to content

feat(auth): surface GIdP password policy violations with actionable error messages#2333

Merged
just1and0 merged 4 commits into
version-10.0.0-beta03from
feat/password-policy-support
Jun 8, 2026
Merged

feat(auth): surface GIdP password policy violations with actionable error messages#2333
just1and0 merged 4 commits into
version-10.0.0-beta03from
feat/password-policy-support

Conversation

@demolaf

@demolaf demolaf commented Jun 8, 2026

Copy link
Copy Markdown
Member

Closes #2128.

When Google Identity Platform password policy enforcement is enabled, the Firebase Auth SDK returns a PASSWORD_DOES_NOT_MEET_REQUIREMENTS error with the specific failing constraints.

Previously FirebaseUI silently swallowed these errors — users saw nothing or a generic "unknown error" dialog.

Changes

  • Adds AuthException.PasswordPolicyViolationException with a human-readable message and the list of failing requirements
  • Detects PASSWORD_DOES_NOT_MEET_REQUIREMENTS in both FirebaseAuthWeakPasswordException.reason and the raw FirebaseException message (actual type from SDK 24.0.1+)
  • Fixes subclass ordering in AuthException.from() so FirebaseAuthWeakPasswordException is no longer matched as InvalidCredentialsException
  • Surfaces the policy message in ErrorRecoveryDialog with a "Try again" action
  • Fixes the silent catch {} in EmailAuthScreen.onSignUpClick that was discarding all sign-up errors

NOTE: If passwordValidationRules in AuthUIConfiguration doesn't match the policy configured in the
Firebase console, the client-side check won't catch the weak password before submission and this exception
will be thrown instead.

Expected Behavior

Screenshot_1780908844

@demolaf demolaf marked this pull request as draft June 8, 2026 07:30

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for Google Identity Platform password policy requirements. It adds a new PasswordPolicyViolationException class, updates exception mapping in AuthException.from to parse password policy requirements from FirebaseAuthWeakPasswordException, handles exceptions in EmailAuthScreen, and adds comprehensive unit tests. The review feedback suggests making the bracket parsing in parsePasswordPolicyRequirements more robust by searching relative to the policy substring, and specifying a locale (such as Locale.US) when calling uppercase() to avoid locale-specific string transformation issues.

Comment thread auth/src/main/java/com/firebase/ui/auth/AuthException.kt
Comment thread auth/src/main/java/com/firebase/ui/auth/AuthException.kt Outdated
@demolaf demolaf marked this pull request as ready for review June 8, 2026 09:05
@demolaf demolaf requested a review from just1and0 June 8, 2026 09:06
@just1and0 just1and0 merged commit 8479299 into version-10.0.0-beta03 Jun 8, 2026
5 checks passed
demolaf added a commit that referenced this pull request Jun 16, 2026
…rror messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit that referenced this pull request Jun 29, 2026
…rror messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit that referenced this pull request Jul 1, 2026
…rror messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit that referenced this pull request Jul 1, 2026
…rror messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit that referenced this pull request Jul 2, 2026
…rror messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit to demolaf/FirebaseUI-Android that referenced this pull request Jul 2, 2026
…rror messages (firebase#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup
demolaf added a commit that referenced this pull request Jul 2, 2026
…ng (#2354)

* fix(auth): improve user identifier retrieval (#2314)

* fix(auth): improve user identifier retrieval

* updates

* fix: ensure that when selecting phone or email, it routes straight to that screen (#2311)

* fix: use secondary app if it is passed into FirebaseAuthUI (#2313)

* fix(auth): make AuthException messages customisable via AuthUIStringProvider (#2320)

* fix(auth): preserve linkDomain in email link ActionCodeSettings (#2321)

* fix(auth): log out before Facebook sign-in to clear stale cached token (#2322)

Co-authored-by: russellwheatley <russellwheatley85@gmail.com>

* Fix typo in README (#2325)

* fix(auth): emit AuthResult on sign-in success and fix MFA tooltip auto-open (#2326)

* fix(auth): update AuthState to reflect success or idle based on user result

* updates

* updates

* refactor: rename auth user state handler

* fix(auth): expose slot parameters through FirebaseAuthScreen (#2328)

* fix(auth): add configurable params for custom UI

- AuthMethodPicker
- EmailAuth
- PhoneAuth
- MFA Enrollment & Challenge

* fix(auth): add demo activities for email and phone authentication with customizable UI

* updates

* updates

* feat(auth): add customMethodPickerTermsContent slot to FirebaseAuthScreen (#2330)

* feat(auth): add termsContent slot to AuthMethodPicker for custom ToS UI

* feat(auth): add termsAccepted parameter to AuthMethodPicker for consent handling

* update example

* updates

* updates

* updates

* feat(auth): add isCredentialLinkingEnabled for authenticated users (#2319)

* feat(auth): add isCredentialLinkingEnabled for authenticated non-anonymous users

* t feat(app): add CredentialLinkingDemoActivity to sample app

# Conflicts:
#	app/src/main/AndroidManifest.xml

* updates

* feat(auth): surface GIdP password policy violations with actionable error messages (#2333)

* feat(auth): handle GIdP password policy violations with specific error messages

* updates

* updates

* cleanup

* fix(auth): allow SAML providers in AuthUIConfiguration (#2331)

* fix(auth): allow saml. prefixed provider IDs in AuthUIConfiguration validation

* updates

* feat(auth): add reauthentication flow with automatic operation retry (#2332)

* wip

# Conflicts:
#	auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/EmailAuthProvider+FirebaseAuthUI.kt
#	auth/src/main/java/com/firebase/ui/auth/ui/screens/FirebaseAuthScreen.kt

* feat(auth): add reauthentication flow with automatic operation retry

Adds AuthState.ReauthenticationRequired, withReauth(), and createReauthFlow()
to support sensitive operations that require recent sign-in. FirebaseAuthUI.delete()
and withReauth() automatically catch FirebaseAuthRecentLoginRequiredException,
emit the new state carrying the original operation as retryOperation, and
FirebaseAuthScreen presents a ModalBottomSheet overlay scoped to the user's
linked providers — no navigation away from the authenticated screen. On successful
reauthentication the original operation is retried automatically.

* test(auth): add e2e tests for reauthentication flow UI

* updates

* fix reviews

* update README

* feat(auth): implement `legacyFetchSignInWithEmail` configuration option (#2316)

* feat(auth): implement legacyFetchSignInWithEmail configuration option

* test: write tests for legacyFetchSignInWithEmail

* fix(pr): address reviewer feedback on email recovery routing

* refactor(pr): address reviewer feedback on legacy email recovery

* fix: cancellation callback + test

* chore: ignore kotlin cache

* chore: run demo app script from command line

---------

Co-authored-by: demolaf <demolafadumo@gmail.com>

* fix(auth): replace hardcoded loading state strings with translatable string resources (#2339)

* feat(auth): add localized loading messages for various sign-in states

* updates

* feat(auth): update sign-in methods to use AuthUIConfiguration for localized messages

* refactor: use periods to represent ellipsis not the unicode character

* refactor: use qualifiers, not base values in tests

* fix(auth): remember authStateFlow() to avoid resubscribing on every recomposition

* fix(auth): remember authStateFlow() in EmailAuthScreen to avoid resubscribing

* docs(auth): note FirebaseAuthUI.create() instability inside composables

---------

Co-authored-by: Russell Wheatley <russellwheatley85@gmail.com>
Co-authored-by: Nillan Sivarasa <nillan.sivarasa@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants