🐛 [firebase_auth] firebase_auth/internal-error creating OAuthProvider.credential

[tr-stan]

Bug report

I am trying to pass in an identity token and/or access token to the OAuthProvider().credential() method in order to link a user logging in with LINE to an anonymous user created at app launch, but receiving the error:

flutter: [firebase_auth/internal-error] An internal error has occurred, print and inspect the error details for more information.
flutter: Error code: internal-error

Steps to reproduce

I'm not exactly how to share steps to produce the behavior, since they require using the flutter_line_sdk package from pub.dev to obtain the LINE user's access/id tokens for auth purposes, which is lengthy and involves private/confidential information. However, hopefully the sample code below can help with troubleshooting.

Expected behavior

I expect for:

oAuthCredential = OAuthProvider("line.com").credential(
      idToken: myLineUserIdToken
     # and/or!
      accessToken: myLineUserAccessToken,
);

to return an OAuthCredential as it does with Sign in With Apple that I can pass into:

 userCredential = await _user.linkWithCredential(oAuthCredential);

Sample project

the _user variable below is a reference to the currently/previously logged in anonymous user that is created at app launch.

final loginResult = await line.login(scopes: [
        "profile",
        "openid",
        "email",
      ]);

      UserCredential userCredential;
      final verificationResult = await line.verifyAccessToken();

if (verificationResult.data != null) {
        final idToken = loginResult.accessToken.idToken;
        final idTokenRaw = loginResult.accessToken.idTokenRaw;

OAuthCredential oAuthCredential;
try {
          print('===== ID TOKEN (RAW) =====');
          print(idTokenRaw);
          print('===== ACCESS TOKEN =====');
          print(loginResult.accessToken.data["access_token"]);
          print('===== _user IS ANONYMOUS =====');
          print(_user.isAnonymous);

          oAuthCredential = OAuthProvider("line.com").credential(
              idToken: loginResult.accessToken.idTokenRaw,
              accessToken: loginResult.accessToken.data["access_token"]);
          userCredential = await _user.linkWithCredential(oAuthCredential);
        } on FirebaseAuthException catch (e, s) {
          print('Error linking LINE cred to anonymous credential:');
          print('\n$e\nstack:$s');
          print('Error code: ${e.code}');
       }
}

Outputs:

flutter: ===== ID TOKEN (RAW) =====
flutter: my.LineAuthIdToken.jwt
flutter: ===== ACCESS TOKEN =====
flutter: my.LineAuthAccessToken.jwt
flutter: ===== _user IS ANONYMOUS =====
flutter: true
flutter: [firebase_auth/internal-error] An internal error has occurred, print and inspect the error details for more information.
stack:#0      MethodChannelUser.linkWithCredential
package:firebase_auth_platform_interface/…/method_channel/method_channel_user.dart:98
<asynchronous suspension>
#1      User.linkWithCredential
package:firebase_auth/src/user.dart:185
<asynchronous suspension>
#2      LineAuthService.signInWithLine
package:wordbud/auth/line_auth_service.dart:94
(^this line is referencing the code above `userCredential = await _user.linkWithCredential(oAuthCredential);`^)
<asynchronous suspension>
#3      _LoginState._buildLineButton.<anonymous closure>
package:wordbud/…/onboarding/login.dart:268
<asynchronous suspension>
flutter: Error code: internal-error

---

Additional context

I know that both the access token and the id token I have tried using (I tried just one, just the other, and both passed in as arguments to the .credential method to no avail) are valid, because I have successfully used them to create a custom token in a firebase cloud function and sign in users through that method. However that doesn't allow me to link the newly signed in LINE user to the previous anonymous user and capture some firestore data linked to the anonymous user.

Your documentation for the OAuthProvider class states:

A generic provider instance.

This class is extended by other OAuth based providers, or can be used standalone for integration with other 3rd party providers.

This to me seems to state the class is there specifically for scenarios such as mine. The Auth flow using the flutter_line_sdk doesn't differ from Apple in any meaningful way, and provides all of the same tokens needed for any OAuth process.

---

Flutter doctor

Run flutter doctor and paste the output below:

Click To Expand

Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, 2.5.3, on macOS 11.6 20G165 darwin-x64, locale en)
[✓] Android toolchain - develop for Android devices (Android SDK version 31.0.0)
[✓] Xcode - develop for iOS and macOS
[✓] Chrome - develop for the web
[✓] Android Studio (version 2020.3)
[✓] VS Code (version 1.62.3)
[✓] Connected device (4 available)
    ! Error: iPhone 13 Pro Max is busy: Fetching debug symbols for iPhone 13 Pro Max. Xcode will continue when iPhone 13 Pro Max is finished. (code -10)

• No issues found!

---

Flutter dependencies

Run flutter pub deps -- --style=compact and paste the output below:

Click To Expand

(My team's app is quite large and also confidential so I only pasted packages imported in the file I'm referencing code from)

Dart SDK 2.14.4
Flutter SDK 2.5.3

dependencies:
- flutter_line_sdk 2.1.0 [flutter]
- firebase_auth 3.2.0 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 1.10.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- cloud_firestore 3.1.0 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]

---

[darshankawar]

@tr-stan Thanks for the report. I am assuming the anonymous sign-in is enabled in the console. If not, please do so and see if it helps. If not, can you just try a to use signInWithCredential instead of linkWithCredential and see if you get same exception or a different one ? ex: await _firebaseAuth.signInWithCredential(oauthCredential);

[tr-stan]

@darshankawar thank you so much for getting back on this so quickly! Yes anonymous sign in is enabled in the console, and I've already been able to link the anonymous user with an existing user/check for an existing user using Google sign in and Apple.

I tried using FirebaseAuth.instance.signInWithCredential(oAuthCredential); passing in just the id token, just the access token, and passing in both to the oAuthCredential constructor, and each time I got the following error logs:

GTMSessionFetcher invoking fetch callbacks, data {length = 884, bytes = 0x7b0a2020 ... 7d0a7d0a }, error Error Domain=com.google.HTTPStatus Code=400 "(null)" UserInfo={data={length = 884, bytes = 0x7b0a2020  ... 7d0a7d0a }, data_content_type=application/json; charset=UTF-8}
FLTFirebaseAuth: An error occurred while calling method Auth#signInWithCredential, errorOrNil => (null)
[VERBOSE-2:ui_dart_state.cc(209)] Unhandled Exception: [firebase_auth/unknown] An unknown error has occurred.
#0  MethodChannelFirebaseAuth.signInWithCredential
package:firebase_auth_platform_interface/…/method_channel/method_channel_firebase_auth.dart:448
<asynchronous suspension>
#1      FirebaseAuth.signInWithCredential
package:firebase_auth/src/firebase_auth.dart:497
<asynchronous suspension>

I didn't think the GTMSessionFetcher log was related, but included it just in case.

[tr-stan]

Oh and just to clarify I also still received print statements showing my identity token, access token, and user being anonymous before each of these errors, and those same credentials I have successfully passed into a cloud function to create a viable custom token with using

let customToken = await admin.auth().createCustomToken(lineUserIdentityToken);

and then returning that token to my flutter app to use

await FirebaseAuth.instance.signInWithCustomToken(customToken);

and successfully create a LINE user record that shows up in the Firebase Auth console.

[darshankawar]

Thanks for the test and further details. I see from following that the exception is coming from firebase_auth code itself:

FLTFirebaseAuth: An error occurred while calling method Auth#signInWithCredential, errorOrNil => (null) [VERBOSE-2:ui_dart_state.cc(209)] Unhandled Exception: [firebase_auth/unknown] An unknown error has occurred. #0 MethodChannelFirebaseAuth.signInWithCredential package:firebase_auth_platform_interface/…/method_channel/method_channel_firebase_auth.dart:448 <asynchronous suspension> #1 FirebaseAuth.signInWithCredential package:firebase_auth/src/firebase_auth.dart:497 <asynchronous suspension>

Specially firebase_auth/unknown exception shouldn't occur, it should catch the exception gracefully.

There was similar issue reported recently too with same exception, https://github.com/FirebaseExtended/flutterfire/issues/7316 indicating firebase_auth's integration with custom OAuthProvider will need to be looked into by the team.

[marcelosilvaidp]

I am also facing the same error described by @tr-stan. In my case the Oauth2 provider is 'microsoft.com'.

[marcelosilvaidp]

Hello @darshankawar!

Is there any progress on this issue, please?

[tr-stan]

Hi @darshankawar just checking in to see if there is any update on this?

[darshankawar]

/cc @russellwheatley

[tr-stan]

hi again @darshankawar @russellwheatley just checking if there's been any progress on this? Any idea what the underlying issue might be?

[tr-stan]

Hi again @russellwheatley just wondering if there's an update on this?

[digosantos]

Hi @tr-stan!

By any chance did you restricted your key at Google Cloud Platform?

I've recently came up with the same issue when I was trying to make Google Maps SDK work. I've mistakenly restricted the key that I used to have, so the sign-in stopped working. Double check that 😉

[tudor07]

Hi @tr-stan!

By any chance did you restricted your key at Google Cloud Platform?

I've recently came up with the same issue when I was trying to make Google Maps SDK work. I've mistakenly restricted the key that I used to have, so the sign-in stopped working. Double check that 😉

This!! I had only some of the APIs enabled for my key. Once I added "Identity Toolkit API" permission it worked. You can see API keys here: https://console.cloud.google.com/apis/credentials Mine was called "iOS key (auto created by Firebase)"

[tr-stan]

@digocse thanks for the recommendation! I just checked and there's no restrictions on any of the API keys I have in my GCP credentials console.

And the thing is I don't have any problems using the LINE tokens/credentials to create a custom token with a google cloud function and create a FirebaseAuth user that way.

But I want to be able to utilize functionality that can merge initially anonymous users into newly authenticated users, which I haven't been able to do with the custom tokens with how the API is currently structured.

[tr-stan]

@darshankawar @russellwheatley any update on this one? I would love to help with resolving this, but I've exhausted all leads I could find. I'm not experienced with open source and when I tried digging into the source code it also got overwhelming pretty quickly trying to figure out where to even look. If you could just provide some update or a lead I could at least try to do my part in resolving this.

[bichoalexis]

Hi @tr-stan! By any chance did you restricted your key at Google Cloud Platform? I've recently came up with the same issue when I was trying to make Google Maps SDK work. I've mistakenly restricted the key that I used to have, so the sign-in stopped working. Double check that 😉

This!! I had only some of the APIs enabled for my key. Once I added "Identity Toolkit API" permission it worked. You can see API keys here: https://console.cloud.google.com/apis/credentials Mine was called "iOS key (auto created by Firebase)"

Thanks that work for me! I had to restrict my API because im using location and google maps and I found that I had to add install:

• Firebase installations (for make firebase work with my app)
• Identity Toolkit API (To make work the google sign in package and others)

[tr-stan]

Hi @darshankawar @russellwheatley it's been quite some time since I wrote, but any update on this? The previous comments about API credentials were not an issue for me.

[samatzp]

Hi! Any update?

[Lyokone]

Hello If you want to use a provider not natively supported by Firebase, you need to enable OpenId Have you followed this instruction then created the custom credentials?

[tr-stan]

@Lyokone no I have not--it looks like Firebase Auth with Identity Platform was only released just a couple months ago. It looks really great though, and I'll definitely give it a shot and then respond here with the results!

[google-oss-bot]

Hey @tr-stan. We need more information to resolve this issue but there hasn't been an update in 7 weekdays. I'm marking the issue as stale and if there are no new updates in the next 7 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

[google-oss-bot]

Since there haven't been any recent updates here, I am going to close this issue.

@tr-stan if you're still experiencing this problem and want to continue the discussion just leave a comment here and we are happy to re-open this.