firebase-android-sdk
firebase-android-sdk copied to clipboard
firebase
Firebase phone auth OTP no longer being read automatically
Android device: Any device Android OS version: Any version (have tested this starting from OS21 all the way to the latest OS - bug repros everywhere) Google Play Services version: com.google.gms:google-services:4.3.8 Firebase/Play Services SDK version: com.google.firebase:firebase-auth:21.0.1 FirebaseUI version: com.firebaseui:firebase-ui-auth:7.1.1
Steps to reproduce: OTP was being read automatically in my app for many months now. It has suddenly stopped working in the last few weeks. There are no specific steps to reproduce - OTP is never read automatically anymore. My code (which has been working for many months now) has not changed at all - it is pretty much the same as the code in the Firebase Auth documentation / samples - nothing special here.
I have verified that the SMS template being used is correct and matches the OTP received. I have also enabled Android SafetyNet / app verification, to no avail.
I filed an issue in the Firebase Auth UI repo (https://github.com/firebase/FirebaseUI-Android/issues/1948) and was directed to file an issue here instead.
I found a few problems with this issue:
- I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
- This issue does not seem to follow the issue template. Make sure you provide all the required information.
Hi @vijtheveg Thank you for the provided details. I haven't been able to reproduce it on our end yet. A sample project where the issue can be reproduced will significantly help the investigation. Also, let us know if you noticed any patterns like issues occurred on some model devices etc.
Thanks @aguatno, for your response. It takes considerable amount of time to create a working sample app using Firebase auth and given that my code has not changed at all in the past 6 months, and is virtually identical to the code in your documentation, something else is happening.
The only other change that I can think of is that my app name as specified in the Play Store changed from 'MeraBills' to 'MeraBills - Small Business Management & Accounting.'
Consequently, the receive SMS looks like: '697874 is your verification code for MeraBills - Small Business Management & Accounting.' - do you think the presence of the special characters in the app name (-, & and .) may be causing problems with the SMS parsing?
The only LogCat line that seems to appy to this problem is the one below: 2021-05-27 23:52:53.338 21157-21334/com.merabills.merchant_app_android W/System: Ignoring header X-Firebase-Locale because its value was null.
FYI, I removed special characters from the app name - this problem continues to happen
Hi, @vijtheveg, @aguatno I have also faced this issue, but for me how this occurred is different. Before publishing my app in playstore in OTP messages there use to be the app's hash value which helped in automatically detecting the OTP messages and authenticating. But since I published it on the play store the hash value got replaced by the app's name and no longer I am able to verify OTP automatically.
I checked out a few documentation where they suggested I add that app's hash value at the end of the OTP message. But unfortunately, I cannot edit the template in firebase auth.
I am attaching the screenshot of OTP messages before and after publishing it to playstore.
This problem is the same with all the devices.
I have used the exact same code mentioned in this firebase doc and earlier it was working fine before publishing to play store.
Hey there, Malcolm from Firebase here. Right now, this is expected behavior - your application's name is long enough that is crowds out the application hash from the SMS. However, I think I might have a way of more appropriately assessing when to include/exclude application hashes that should leave you with fewer pain points. For the moment:
- There are no workarounds, so just sit tight
- I'll see whether or not we can do anything, but I can't make any promises as to whether or not I'll be able to remedy the issue. But we'll at least take a look :)
Thank you, Malcolm! So, shortening the application name to around 10-15 characters from its current length will be a workaround, correct?
It looks like shortening the name of the app does indeed fix the problem! The OTP is being read correctly, now that I shortened the app name.
@malcolmdeck if this issue cannot be remedied, can it at least be documented, so people are aware of the implications of the length of the app's name?
@Iltwats - it looks like you were right about the missing hash being the problem!
@malcolmdeck the 10-15 chars is for the English language. For Greek, the space left is 3 characters ... which is, well, impossible to workaround.
I would imagine shortening the text from your side would help. There is definitely a shorter text version you could use.
@Jcardif you have to change your app's name on playstore, not on firebase.
to what maximum length we can have our app name any idea?
@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.
@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.
my app has 49 characters to be exact, still auto verification is not working for us. Can you tell your exact length
Any workaround to make this work? I'm building a React Native app using Firebase authentication and have the exact same issue for Android devices My @react-native-firebase/auth version is 12.4.0
@OriErel no workaround brother, Nothing worked for me. I had to rollback to previous react native and react native auth versions, the ones I was using before
Officials of Firebase please rectify this issue my seniors thinks that I don't know how to implement Firebase Auth....lol.
Here is my build.gradle (Project Level)
` buildscript { repositories { google() mavenCentral() } dependencies { classpath 'com.android.tools.build:gradle:4.1.3' classpath 'com.google.gms:google-services:4.3.10' //4.3.5 // NOTE: Do not place your application dependencies here; they belong // in the individual module build.gradle files classpath 'com.google.firebase:firebase-crashlytics-gradle:2.3.0' classpath 'com.google.firebase:perf-plugin:1.3.3' // classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.4.32" // classpath "org.jetbrains.kotlin:kotlin-noarg:1.4.32" // classpath 'com.novoda:bintray-release:0.9.2' } }
allprojects {
repositories {
mavenCentral()
google()
// mavenCentral()
gradlePluginPortal()
maven { url 'https://jitpack.io' }
}
}
task clean(type: Delete) {
delete rootProject.buildDir
}`
And Here is my build.gradle (App level)
` apply plugin: 'com.android.application' apply plugin: 'com.google.gms.google-services' apply plugin: 'com.google.firebase.crashlytics' apply plugin: 'com.google.firebase.firebase-perf'
android {
compileSdkVersion 30
buildToolsVersion "30.0.2"
defaultConfig {
applicationId "com.XYZ.XYZ"
minSdkVersion 22
targetSdkVersion 30
versionCode 1
versionName "1.1"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled false
shrinkResources false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
lintOptions {
checkReleaseBuilds false
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
}
dependencies {
// implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation 'androidx.appcompat:appcompat:1.3.1'
implementation 'androidx.legacy:legacy-support-v4:1.0.0'
implementation 'com.google.android.material:material:1.4.0'
implementation "com.google.android.material:material:1.5.0-alpha01"
implementation 'androidx.constraintlayout:constraintlayout:2.1.0'
testImplementation 'junit:junit:4.13.2'
androidTestImplementation 'androidx.test:runner:1.4.0'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.4.0'
implementation "androidx.core:core-ktx:1.6.0"
implementation 'com.google.android.play:core:1.10.0'
implementation 'com.google.android.play:core-ktx:1.8.1'
implementation 'androidx.browser:browser:1.3.0'
implementation 'com.google.firebase:firebase-core:19.0.0'
implementation 'com.google.android.gms:play-services-auth:19.2.0'
implementation 'com.google.firebase:firebase-auth:21.0.1'
implementation 'com.github.bumptech.glide:glide:4.11.0'
annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
implementation 'com.firebase:firebase-client-android:2.5.2'
implementation 'com.android.volley:volley:1.2.0'
implementation 'com.google.firebase:firebase-messaging:22.0.0'
implementation 'com.google.firebase:firebase-storage:20.0.0'
implementation 'com.firebaseui:firebase-ui-storage:3.2.1'
implementation 'com.github.psinetron:slycalendarview:0.0.9'
// Recommended: Add the Firebase SDK for Google Analytics.
implementation 'com.google.firebase:firebase-analytics:19.0.0'
implementation 'com.google.firebase:firebase-dynamic-links:20.1.1'
implementation 'de.hdodenhof:circleimageview:3.1.0' //circular image view
// Add the dependency for the Performance Monitoring library
implementation 'com.google.firebase:firebase-perf:20.0.2'
implementation 'com.google.firebase:firebase-firestore:23.0.3'// Firebase Firestore database
implementation 'com.firebaseui:firebase-ui-firestore:8.0.0'// FirebaseUI for Cloud Firestore
implementation 'androidx.paging:paging-runtime:3.0.1'// Paging Library
implementation 'com.google.code.gson:gson:2.8.6'
implementation 'com.google.android.libraries.places:places:2.4.0' //New google places api
implementation 'com.google.maps.android:android-maps-utils:0.3.4'
implementation 'com.google.android.gms:play-services-location:18.0.0'
implementation 'com.google.android.gms:play-services-places:17.0.0'
implementation 'com.github.pchmn:MaterialChipsInput:1.0.8'// material chip
implementation 'com.hootsuite.android:nachos:1.1.1'// material chips
implementation 'com.google.android:flexbox:2.0.1'
//EventBus enables central communication to decoupled classes with just a few lines of code
implementation 'org.greenrobot:eventbus:3.1.1'
implementation 'com.github.smarteist:autoimageslider:1.3.2'
//library to implement auto image slider
implementation 'com.github.marlonlom:timeago:4.0.3'
//Simple java library for displaying dates as relative time ago language.
implementation 'cn.jzvd:jiaozivideoplayer:7.5.0'
//check internet state
implementation 'com.github.ImaginativeShohag:Oops-No-Internet:v1.1.5'
implementation "androidx.swiperefreshlayout:swiperefreshlayout:1.1.0"
implementation 'com.karumi:dexter:6.2.1'//
implementation "com.leinardi.android:speed-dial:3.1.1"//floatingActionBtn
implementation 'com.github.chrisbanes:PhotoView:2.3.0'//Zoomable Imageview library
// Add the Firebase SDK for Crashlytics.
implementation 'com.google.firebase:firebase-crashlytics:18.2.1'
//GIFs, Stickers and emojis library
implementation 'com.gsconrad:richcontentedittext:1.0.0'
//image zoomable and dissimisable both in one library like whatsapp
implementation 'com.github.stfalcon:stfalcon-imageviewer:1.0.1'
//WorkRequest implementation 'android.arch.work:work-runtime:1.0.1' // implementation 'com.borjabravo:readmoretextview:2.1.0'//read more text
implementation "joda-time:joda-time:2.10.10"
implementation "com.razorpay:checkout:1.6.6"
implementation 'io.github.lucksiege:pictureselector:v2.7.3-rc06'
implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta02'//App Check with SafetyNet
} repositories { mavenCentral() } `
Please let me know if anything I am missing
Hi I am also facing the same issue. Can't change the app name. Any walkaround??
Hi Same issue here, and my app name has only 5 characters, what should i do?
Very interesting. This looks like multiple problems at once:
1- hash maybe missing entirely? https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string 2- app name "too long"
Folks with short app names that still don't have it working should investigate item 1. You can likely fix yourselves.
Item 2 is currently intractable with current information.
There are some questions that could help affected users:
- it is described as starting "some weeks before" May 24 (date of issue) I suppose? What version stopped working? There is reported success with an older version, which version works?
- there are multiple requests for some spec on exactly how many characters are required. Of course there are language differences etc but if there is some secret hash that must be appended to the SMS and received by the app, making that requirement explicit and documented seems like it would be a big help...
facing same issue. after uploading to the Play Store I no longer see the 11 char hash at the end of the SMS and the auto-complete no longer works. Since my app is not yet verified in the Play Store I see both my package name which 32 chars, plus the "(unreviewed)" string being appended to the SMS. My assumption is that once verified the package name will be replaced with my app title/name, which happens to be short for me (only 5 chars) - but would still like to know what the total message length limit is.
Also, can someone confirm that in all cases, the 11 char hash is required for auto-complete? So if I don't see it in the SMS, there's no chance of auto-complete working?
Experiencing same issue after updating firebase auth from 18.1.0 to 21.0.1. App name is just 6 characters and 36 characters on google play store.
Very interesting. This looks like multiple problems at once:
1- hash maybe missing entirely? https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string 2- app name "too long"
Folks with short app names that still don't have it working should investigate item 1. You can likely fix yourselves.
Item 2 is currently intractable with current information.
There are some questions that could help affected users:
- it is described as starting "some weeks before" May 24 (date of issue) I suppose? What version stopped working? There is reported success with an older version, which version works?
- there are multiple requests for some spec on exactly how many characters are required. Of course there are language differences etc but if there is some secret hash that must be appended to the SMS and received by the app, making that requirement explicit and documented seems like it would be a big help...
@mikehardy Tested Item 2, it does not work for me. Regarding Item 1, I think hash is not missing as auto correct used to work nicely for previous version of react native firebase auth
Here's the latest twist on this problem. This seems to be failing for different langauges as well, as the text for some languages is longer than others. See below an example of hash missing in Tamil (second message) but succeeding in Kannada (first message).
I think the difference is that the length of the Tamil message is greater than that of the Kannada message (the app name is same in both) - so it looks like the overall length of the message exceeding some threshold, thereby causing this bug.
I believe that testing results, to be truly useful, need to be in the form of actual text attempted, not images, with exact character counts that worked and language encoding in use for same. For example 'text here that was your message', 43 chars of utf-16 language kannada. Or similar. No one is going to try to guess the numbers for you from an image to derive the rule... Additionally it would be good to attempt progressive shortening of your message until it works.
@mikehardy, I'm not sure I understand. I am not sending these SMS messages - they are being sent by the Firebase auth server as part of the phone auth flow. I don't have any control over the content of the message either - this is decided by Firebase auth as well. I'm not sure how I can therefore "attempt progressive shortening of your message until it works"
Here are the SMS messages as text, in case that helps.
MeraBills ಗಾಗಿ ನಿಮ್ಮ ಪರಿಶೀಲನೆ ಕೋಡ್ 603708 ಆಗಿದೆ. 6f4mfX0ga0k
MeraBills பயன்பாட்டிற்கான உங்கள் சரிபார்ப்புக் குறியீடு 985041 ஆகும்.
Interesting! @vijtheveg I had forgotten the wrinkle / complication where we (as users of auth API calls) are not actually even in control of the messages, if I understand correctly. If we can't modify the templates for the OTP as they are internationalized then this attempt to reverse engineer a maximum text length so the OTP fits in will still be hit or miss. There's nothing to do then I suppose except wait for official support from @malcolmdeck et al