Why does Firebase Auth work on localhost but not production?

Your production domain is not in Firebase's Authorized domains list. Add it in Firebase Console → Authentication → Settings → Authorized domains.

Should I use signInWithPopup or signInWithRedirect?

Use signInWithPopup for desktop browsers. Use signInWithRedirect for mobile — popups are unreliable in mobile browsers.

Do I need to configure CORS for Firebase Auth?

No — Firebase Auth handles its own CORS. CORS issues with Firebase are usually about Firestore or Cloud Functions, not Auth.

OAuth

Fix Firebase Auth OAuth Errors

Updated April 2026

 Reading this article? Verify your fix in real-time. Debug your Firebase Auth error → OAuthFixer

Firebase Authentication handles OAuth via its own system. Most errors come from domain not being authorized in Firebase console, or OAuth provider not configured correctly.

Error: auth/unauthorized-domain

The most common Firebase Auth error. Your app's domain is not in the Firebase authorized domains list.

# Fix: Firebase Console → Authentication → Settings → Authorized domains
# Add your domain: yourapp.com
# For localhost: it should be there by default

# Common trigger: deploying to a new domain for the first time

Error: auth/operation-not-allowed

# The sign-in provider is not enabled
# Fix: Firebase Console → Authentication → Sign-in method
# Enable the provider you are using (Google, GitHub, etc.)

Setting up Google sign-in

# Firebase Console → Authentication → Sign-in method → Google → Enable
# No additional configuration needed for Google
# Firebase handles the OAuth client credentials automatically

# In your code:
import { GoogleAuthProvider, signInWithPopup } from "firebase/auth";

const provider = new GoogleAuthProvider();
provider.addScope("email"); // request email scope

const { user } = await signInWithPopup(auth, provider);

Setting up GitHub sign-in

# 1. Create GitHub OAuth App at github.com/settings/developers
# Authorization callback URL: use the URL shown in Firebase console
# (it looks like: https://yourproject.firebaseapp.com/__/auth/handler)

# 2. Firebase Console → Authentication → Sign-in method → GitHub → Enable
# Enter GitHub Client ID and Client Secret

# 3. In your code:
import { GithubAuthProvider, signInWithPopup } from "firebase/auth";

const provider = new GithubAuthProvider();
const { user } = await signInWithPopup(auth, provider);

Error: auth/popup-blocked

# Browser blocked the popup — call signInWithPopup from a user gesture
# Wrong — called automatically:
window.onload = () => signInWithPopup(auth, provider); // ❌

# Right — called from button click:
button.addEventListener("click", () => signInWithPopup(auth, provider)); // ✅

Error: auth/redirect-cancelled-by-user or auth/popup-closed-by-user

# User closed the popup — handle gracefully, not as an error
try { const result = await signInWithPopup(auth, provider);
} catch (error) { if (error.code === "auth/popup-closed-by-user") { // User cancelled — do not show error, just let them try again return; } // Other errors — show message console.error(error);
}

Use signInWithRedirect for mobile

# Popups are unreliable on mobile browsers
# Use signInWithRedirect + getRedirectResult instead

import { signInWithRedirect, getRedirectResult } from "firebase/auth";

// On button click
await signInWithRedirect(auth, provider);

// On page load — check for redirect result
const result = await getRedirectResult(auth);
if (result) { const user = result.user;
}

Debug your Firebase Auth error → OAuthFixer