This Firebase Authentication error occurs when email action handlers (password reset, email verification) are called without a valid continue URL. The continue URL redirects users after completing the action and must be properly configured in your Firebase project settings and API calls.
The "auth/missing-continue-uri" error is a Firebase Authentication error that occurs when you're trying to send an email action (like password reset, email verification, or email change) but haven't provided a valid "continue URL" parameter. In Firebase Authentication, when users click links in password reset or email verification emails, they need to be redirected back to your application after completing the action. The continue URL specifies where they should be redirected. This error happens when: 1. You're calling Firebase Authentication methods (sendPasswordResetEmail, sendEmailVerification, etc.) without providing a continue URL parameter 2. The continue URL you provided is invalid, malformed, or not authorized in your Firebase project settings 3. You're using Firebase Admin SDK without proper URL configuration The error prevents the email from being sent because Firebase needs to know where to redirect users after they complete the action in their email client.
When calling Firebase Authentication methods that send emails, you must provide a continueUrl in the actionCodeSettings parameter:
// Firebase Web SDK v9+
import { getAuth, sendPasswordResetEmail } from "firebase/auth";
const auth = getAuth();
const actionCodeSettings = {
url: 'https://yourapp.com/reset-password-complete', // Your continue URL
handleCodeInApp: false // Set to true if using mobile app
};
sendPasswordResetEmail(auth, '[email protected]', actionCodeSettings)
.then(() => {
console.log('Password reset email sent');
})
.catch((error) => {
console.error('Error:', error);
});For email verification:
import { getAuth, sendEmailVerification } from "firebase/auth";
const auth = getAuth();
const user = auth.currentUser;
const actionCodeSettings = {
url: 'https://yourapp.com/email-verified'
};
sendEmailVerification(user, actionCodeSettings)
.then(() => {
console.log('Verification email sent');
});The continue URL's domain must be authorized in your Firebase project:
1. Go to Firebase Console (console.firebase.google.com)
2. Select your project
3. Navigate to Authentication → Settings
4. Under "Authorized domains", add your domain:
- For web apps: Add your production domain (e.g., yourapp.com)
- For development: Add localhost
- For mobile apps with deep links: Configure your app's URL scheme
Authorized domains:
- yourapp.com
- localhost
- yourapp.page.link (for Firebase Dynamic Links)Without proper authorization, Firebase will reject the continue URL.
If using Firebase Admin SDK (Node.js, Python, etc.), ensure you're passing actionCodeSettings with continueUrl:
// Firebase Admin SDK for Node.js
const admin = require('firebase-admin');
const actionCodeSettings = {
url: 'https://yourapp.com/reset-password-complete',
handleCodeInApp: false
};
admin.auth()
.generatePasswordResetLink('[email protected]', actionCodeSettings)
.then((link) => {
// Send custom email with this link
console.log('Password reset link:', link);
})
.catch((error) => {
console.error('Error generating link:', error);
});For email verification links:
admin.auth()
.generateEmailVerificationLink('[email protected]', actionCodeSettings)
.then((link) => {
// Send custom verification email
});Ensure your continue URL follows these requirements:
1. Valid URL format: Must start with http:// or https://
2. Authorized domain: Domain must be in Firebase Console authorized domains
3. No fragments: Should not contain #fragment identifiers
4. Proper encoding: URL parameters must be properly encoded
// ✅ Valid URLs
'https://yourapp.com/reset-password'
'https://yourapp.com/verify-email?userId=123'
'http://localhost:3000/auth-callback'
// ❌ Invalid URLs
'/reset-password' // Missing protocol and domain
'yourapp.com/reset-password' // Missing protocol
'https://yourapp.com/#/reset' // Contains fragment
'https://unauthorized-domain.com/reset' // Domain not authorizedTest with a simple URL first, then add query parameters if needed.
For development, you need to configure Firebase to accept localhost URLs:
1. Add localhost to authorized domains in Firebase Console
2. Use proper localhost URL in your code:
// Development configuration
const isDevelopment = process.env.NODE_ENV === 'development';
const actionCodeSettings = {
url: isDevelopment
? 'http://localhost:3000/reset-password-complete'
: 'https://yourapp.com/reset-password-complete',
handleCodeInApp: false
};3. For mobile app deep links, configure your app's URL scheme:
// iOS/Android deep link configuration
const actionCodeSettings = {
url: 'yourapp://reset-password',
handleCodeInApp: true, // Important for mobile apps
dynamicLinkDomain: 'yourapp.page.link' // For Firebase Dynamic Links
};Create a test script to verify your configuration works:
// Test script for password reset
async function testPasswordReset() {
try {
const auth = getAuth();
const actionCodeSettings = {
url: 'https://yourapp.com/reset-password-complete',
handleCodeInApp: false
};
await sendPasswordResetEmail(auth, '[email protected]', actionCodeSettings);
console.log('✅ Test passed: Email sent successfully');
// Check Firebase Console logs
console.log('Check Firebase Console → Authentication → Users for email status');
} catch (error) {
console.error('❌ Test failed:', error.code, error.message);
// Common error codes:
// - auth/missing-continue-uri: Continue URL missing
// - auth/invalid-continue-uri: URL invalid or unauthorized
// - auth/unauthorized-continue-uri: Domain not authorized
}
}
testPasswordReset();Monitor Firebase Console → Authentication → Users to see if emails are being sent successfully.
### Understanding Firebase Action URLs
Firebase Authentication generates special action URLs for email operations. These URLs contain:
- Action type (resetPassword, verifyEmail, recoverEmail)
- User identifier
- One-time code
- Continue URL for redirection
When a user clicks the link in their email, Firebase:
1. Validates the one-time code
2. Performs the action (resets password, verifies email)
3. Redirects to your continue URL with success/failure parameters
### Security Considerations
1. URL validation: Firebase validates continue URLs against authorized domains to prevent phishing attacks
2. One-time codes: Action links contain time-limited, single-use codes
3. State preservation: The continue URL can include state parameters (encoded in the link) to restore user session
### Custom Email Templates
When using Firebase Admin SDK to generate links, you can send custom email templates:
// Generate link with Admin SDK
const resetLink = await admin.auth().generatePasswordResetLink(
'[email protected]',
{ url: 'https://yourapp.com/reset-complete' }
);
// Send custom email
await sendCustomEmail({
to: '[email protected]',
subject: 'Reset your password',
html: `<a href="${resetLink}">Click here to reset password</a>`
});### Firebase Dynamic Links Integration
For mobile apps, use Firebase Dynamic Links to handle the redirect:
const actionCodeSettings = {
url: 'https://yourapp.page.link/reset',
handleCodeInApp: true,
dynamicLinkDomain: 'yourapp.page.link',
ios: { bundleId: 'com.yourapp.ios' },
android: {
packageName: 'com.yourapp.android',
installApp: true,
minimumVersion: '12'
}
};This creates a Dynamic Link that opens your mobile app directly.
messaging/UNSPECIFIED_ERROR: No additional information available
How to fix "messaging/UNSPECIFIED_ERROR: No additional information available" in Firebase Cloud Messaging
App Check: reCAPTCHA Score Too Low
App Check reCAPTCHA Score Too Low
storage/invalid-url: Invalid URL format for Cloud Storage reference
How to fix invalid URL format in Firebase Cloud Storage
auth/missing-uid: User ID identifier required
How to fix "auth/missing-uid: User ID identifier required" in Firebase
auth/invalid-argument: Invalid parameter passed to method
How to fix "auth/invalid-argument: Invalid parameter passed to method" in Firebase