Implementing Login/user resistration

zahirbmirza · January 18, 2025, 9:25am

How have you all been managing with login/user authentications? Have tried so many methods, Agent suggessted ones, Replit Auth 2.0, even debugging with my completely novice coding skills. But, cannot get past login screens. Surely there is an intuitive/functioning method. Thanks all.

CYCH0 · January 18, 2025, 11:40am

Hi, I never had any issues with it. Did you see the “Register” link?

baAES · January 18, 2025, 1:47pm

Hi, so far I have found the best success using the Firebase Console for Login/ User registration. This will allow you to use Login with Google, Email / Password, Email or SMS with OTP for /auth.

You may get a cannot “Generate New Private Key” to download a JSON file due to restrictions enabled on the account, if so prompt Application Default Credentials (ADC) a better more secure approach instead of modifying org policies.

Hope this helps !

JHM · January 18, 2025, 2:02pm

I just wanted to say, as a new and unskilled user, creating a workable (or even working) auth is maybe the hardest bit.

One weird trick I learned: auth is much easier if you don’t try and test within the captive window. Open in a separate tab and it’s more likely to work.

Nick · January 18, 2025, 4:06pm

If you are looking for a simple auth process (such as sending a code to an email address) you can use sendgrid (https://sendgrid.com/) - Email API - ensure you use the specific email address that is verified in your account or else it won’t work. I agree with Firebase for more of a structured solution though.

pmz · January 19, 2025, 1:17am

This is a great observation. Something about how the captive browser window works in Replit does not always accurately represent if the login/auth features are working. This is almost always the case if I build something on the desktop and then try and test on the Replit mobile app, but in the webview captive browser.

ericellis5 · January 28, 2025, 3:50am

I have seen a bug that is only on Mac running Safari where cookies are not properly stored in the Webview browser. PC running Edge or Firefox can use Webview inside Replit just fine and store session cookies. Also, if you run in Safari outside the Webview on Mac it seems to work fine as well.

This could prevent many simple login/session flows from working on Mac. I don’t know if it’s widespread or the same issue for me as what you’re seeing though.

karenegoeller · February 1, 2025, 4:30pm

I’m so glad to see I’m not the only one struggling with these issues. I figured this would be the simplest part of the app for the Agent as it’s such a common use case.

But can you clarify - HOW do you use Firebase Console for this? Do you tell the Agent to implement it as part of your prompting during creation? As a newbie to this (but someone who programmed for years, just have been out of doing it for about 7 years now), do I need to set up Firebase somewhere and tell the agent to connect/use it? or can the agent set up whatever is needed?

Thanks!

zahirbmirza · February 1, 2025, 5:13pm

This is useful, thank you.

zahirbmirza · February 1, 2025, 5:13pm

I think this is part of the issue, thank you.

zahirbmirza · February 1, 2025, 5:14pm

Good thought, I may try this. Needs to be simple

zahirbmirza · February 1, 2025, 5:15pm

Yes! Let me try a workaround for this. Thank you.

ericellis5 · February 10, 2025, 8:00pm

Here’s a GPT answer which may or may not be completely accurate, but seems to map to my experience with it. It’s strange that this issue isn’t more widely documented or explained.

Replit’s internal browser behaves differently across operating systems and browsers because it relies on the underlying webview technology provided by the OS. Here’s why you’re seeing different cookie behaviors:

Windows (Edge) vs. Mac (Safari) Cookie Behavior in Replit

Windows (Edge)

Replit’s internal browser on Windows likely uses WebView2, which is based on Chromium/Edge.
WebView2 supports persistent cookies unless explicitly disabled.
This means cookies work similarly to a regular Chrome/Edge session.

Mac (Safari)

Replit’s internal browser on macOS is based on WKWebView, which has stricter cookie policies.
WKWebView does not persist cookies by default, especially in sandboxed environments.
Safari’s Intelligent Tracking Prevention (ITP) can also block third-party cookies and limit cookie persistence in embedded web views.

Why the Difference?

Different Web Engines
- Windows uses Chromium (Edge/WebView2) → More permissive with cookies.
- macOS uses WebKit (Safari/WKWebView) → Stricter cookie handling.
Security & Privacy Policies
- Safari (WKWebView) enforces ITP, which limits third-party and session cookies.
- Edge (WebView2) follows Chromium’s more relaxed cookie handling.
Sandboxing in Replit
- If Replit runs inside a sandboxed WebView, macOS will block persistent cookies.
- Windows’ WebView2 may allow them unless specifically restricted.

Workarounds for macOS (Safari/WKWebView)

Use an External Browser: Open Replit in a full browser (Chrome/Firefox) instead of the internal preview.
Test with a Chromium-Based Browser: If you need consistent cookie behavior, try Google Chrome on macOS instead of Safari.
Check Storage API: Some WebKit environments block cookies but allow localStorage or IndexedDB as an alternative.

Topic		Replies	Views
User login and authentication Agent & Assistant	30	460	February 3, 2026
Everyday Calendar - Documenting the full build process as a tutorial for setting up Google Sign in Showcase	7	89	March 19, 2025
Still unable to create login pages Agent & Assistant	4	58	November 15, 2025
Full user reg, login, session solution for us to copy Feature Requests	6	65	February 8, 2025
New Replit Auth service not recognized by Agent Bugs	5	45	May 17, 2025