flutterfire icon indicating copy to clipboard operation
flutterfire copied to clipboard
verified publisher icon firebase

firebase_auth: FirebaseAuthException not caught properly during signInWithEmailAndPassword

Open PeeyushSachan opened this issue 6 months ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues.

Which plugins are affected?

Auth

Which platforms are affected?

Android

Description

When using FirebaseAuth.instance.signInWithEmailAndPassword, the login is successful when the credentials are correct. However, if:

The email is incorrect (user-not-found)

Or the password is incorrect (wrong-password)

The exception is not handled correctly as documented.

According to the FlutterFire documentation: https://firebase.flutter.dev/docs/auth/password-auth and Firebase’s official guide: https://github.com/firebase/flutterfire/blob/main/docs/auth/password-auth.md

We should be able to catch FirebaseAuthException like this:

try {
  final credential = await FirebaseAuth.instance.signInWithEmailAndPassword(
    email: emailAddress,
    password: password,
  );
} on FirebaseAuthException catch (e) {
  if (e.code == 'user-not-found') {
    print('No user found for that email.');  // it not trigger when email is not exist
  } else if (e.code == 'wrong-password') {
    print('Wrong password provided for that user.');  // it not trigger when user is correct but pass are incorrect
  }
}

But in practice, neither 'user-not-found' nor 'wrong-password' messages are triggered. It seems the FirebaseAuthException is thrown, but something in the plugin or method causes the flow to exit before reaching the conditional error handling.

Reproducing the issue

Reproducing the issue

1.Use valid email with wrong password

  1. Use invalid email with any password

3.Observe that neither of the expected error messages is printed.

Bug Video https://drive.google.com/file/d/1x-8iaQTkwx4pgndwygwL78bele00JvcT/view?usp=sharing

Firebase Core version

3.15.2

Flutter Version

3.29.2

Relevant Log Output

Flutter dependencies

No response

Additional context and comments

No response

PeeyushSachan avatar Jul 30 '25 14:07 PeeyushSachan

I got the solution after deep research: it should be mentioned in the documentation.

https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection#overview

Image

PeeyushSachan avatar Jul 31 '25 02:07 PeeyushSachan

Hi @PeeyushSachan, thanks for pointing this out. The documentation should be updated.

SelaseKay avatar Jul 31 '25 07:07 SelaseKay