Firebase Authentication "Incorrect Password"

I've used some guides to authenticate Firebase to MIT App Inventor, without any extensions. The only problem I'm having is that if you just enter some random numbers and letters in the email and password box, it will let you in. I've tried workarounds like setting the code to check if that user's token exists and to display an error message, but that hasn't worked out. I've linked a photo below of all the blocks in my sign in page, and I also have a separate screen for creating accounts which works perfectly. This is the only problem with the sign in screen.

In web3.gottext, explain your if not token test

Could you please show me how to do that? Sorry for the inconvenience, I'm not that much of an experienced coder.

What url are you using for "getAccountInfo"?

I am assuming you have already signed in the user in order to get the correct idToken?

You do understand that you only need the email and password to sign in the user to return the idToken, then once you have that you can call back profile information, with a separate call?

The url for 'getAccountInfo' is https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=,

Yes, I know you only need the email and password and on my other screen with the create account information provides the token. Token is then gotten via TinyDB on the Sign in screen to log in, it works fine. Only problem is you could just put random stuff in the email and password box and it would log you in, even though it should be checking for a token. But I suppose if I require the textbox to only accept valid email addresses, via the 'contains' block from the Text area, it could actually be able to check for that email if it's valid.

As I indicated previously, email and password are required for sign in, you do not need these to return the account info.

https://firebase.google.com/docs/reference/rest/auth#section-get-account-info

So what should I do? I have email and password enabled in the Authentication settings as well as adding the necessary blocks and components needed to be able to sign in.

I will prepare an example for you, sometime tomorrow morning GMT.


This works for me...a user signs in with their email and password, this returns the idToken, which is then used in a second call to return the account information:

FBGetAccountInfo.aia (3.2 KB)


After it looks up the idToken and the credentials, where would I define for it what to do next? Let's say if I wanted it to open up another screen after the inputted credentials are corrected and verified, and it should open up another screen.

You will need to assess whichever account info detail is important to you, and if that is true, then go to another screen

So could I just add a few blocks of code that somehow state that if the account credentials are correct then to open the home screen, and if incorrect to show a message?


Tried lots of different equations and actions, variables, nothing seems to be working correctly.

You need to test the first response from SignIn. If idToken does not exist, then "incorrect email or password" message to user. This will work when using the signin url. The signup url will allow any email/password.

Something like this:
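An added example, not part of any post in this thread and written in Python rather than App Inventor blocks: the check described above (no idToken in the sign-in response means "incorrect email or password"), followed by the optional emailVerified check on the account-info response. The API key placeholder, the screen name "Home", the function names and the sample responses are assumptions constructed for illustration; the signInWithPassword endpoint is the documented Firebase Auth REST sign-in URL.

```python
import json

# Firebase Auth REST endpoints; API_KEY is a placeholder, not a real key.
API_KEY = "YOUR_WEB_API_KEY"
BASE = "https://identitytoolkit.googleapis.com/v1/accounts"
SIGN_IN_URL = f"{BASE}:signInWithPassword?key={API_KEY}"  # needs email + password
LOOKUP_URL = f"{BASE}:lookup?key={API_KEY}"               # needs idToken only

def sign_in_body(email, password):
    """Body of the sign-in POST; returnSecureToken asks for an idToken back."""
    return json.dumps({"email": email, "password": password, "returnSecureToken": True})

def lookup_body(id_token):
    """Body of the account-info POST: the fresh idToken and nothing else."""
    return json.dumps({"idToken": id_token})

def token_from_sign_in(response_text):
    """Return the idToken from a sign-in response, or None if there is none."""
    try:
        data = json.loads(response_text)
    except (ValueError, TypeError):
        return None  # empty or non-JSON response: treat as a failed sign-in
    token = data.get("idToken") if isinstance(data, dict) else None
    return token if isinstance(token, str) and token else None

def next_screen(sign_in_response, lookup_response=None, require_verified=False):
    """Decide what the app does next; anything unexpected denies access."""
    if token_from_sign_in(sign_in_response) is None:
        return "show: incorrect email or password"
    if require_verified:
        try:
            user = json.loads(lookup_response or "{}")["users"][0]
            verified = user.get("emailVerified") is True
        except (ValueError, KeyError, IndexError, TypeError, AttributeError):
            verified = False
        if not verified:
            return "show: please verify your email"
    return "open: Home"  # hypothetical screen name

# Constructed sample responses (not captured from a real project).
SIGN_IN_OK = '{"idToken": "constructed-token", "email": "user@example.com", "localId": "abc123"}'
SIGN_IN_BAD = '{"error": {"code": 400, "message": "INVALID_PASSWORD"}}'
LOOKUP_UNVERIFIED = '{"users": [{"localId": "abc123", "emailVerified": false}]}'
LOOKUP_VERIFIED = '{"users": [{"localId": "abc123", "emailVerified": true}]}'
```

The decision is made only from the response to the current sign-in call, so a token saved earlier on another screen never counts as proof that the password just typed was correct.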

So I'm guessing you'd add the open another screen block under the call Web1 post text block, am I correct?

Or probably under the area where else if get global action = getAccountInfo
And on the next then, I'll add the blocks I would want

I feel like ever since I've used this set of code, my thing just stopped working? It keeps telling me invalid id token and I'm not sure why?

Hello there,

It seems as if something is wrong with the Create Account screen on my app, because it doesn't seem to be saving my idToken to the get global token command, so when I need to use TinyDB to get the token and use it on the sign in screen it doesn't work. I tracked down the problem and I'm pretty sure the problem is somewhere on this screen. I've tried lots of methods and changed around some blocks but I'm not sure what's causing the problem.
I've provided my blocks on the CreateAccount screen, but if needed I can provide all of the blocks on my SignIn Screen

You need to ensure that wherever you sign in you get the idToken, because a new idToken is generated each time you sign in. As previously advised, the saving of the idToken to TinyDB is not required because you will get a new idToken every time you sign in.

Are you expecting the user to verify their email before they can sign in to use the app? If so, you do not appear to show the blocks for this.

Your getAccountInfo url still looks incorrect, you only need the idToken, you do not need to sign in. (and sign in only requires the email and password)

I use TinyDB to store the idToken and to get it on the Sign In screen since they aren't on the same screen, but I don't know why I'm not getting the idToken.

Yes, hopefully the user is able to verify their email before they sign in, I deleted the blocks for that but never re-added it back. I think I was using if StatusText.Text contains true, then "successfully log in" else "Please verify your email"

I know the sign in only requires email and pass, on the create account screen I just added another box for their name. And I don't have a variable for getAccountInfo nor can I find it in my script or on the Rest API website.