flutterfire
flutterfire copied to clipboard
firebase
🐛 [firebase_auth] INVALID_PROJECT_ID:Project ID does not match MFA pending credential.
Bug report
Describe the bug
On Android, when performing verifyPhoneNumber to verify a multi-factor login, we consistently receive the following error:
E/FirebaseAuth( 6458): [SmsRetrieverHelper] SMS verification code request failed: unknown status code: 17499 INVALID_PROJECT_ID:Project ID does not match MFA pending credential.
This error is blocking our release so it's important for me to resolve it quickly. Please let me know if I can provide more context.
Steps to reproduce
Assuming a well-setup Firebase environment with email-password authentication, phone authentication enabled, and SMS MFA enabled:
- Use
signInWithEmailAndPassword,verifyPhoneNumber, and finallyuser.multiFactor.enrollto enroll a user in MFA. - Use
signInWithEmailAndPasswordfollowed byverifyPhoneNumberusing the hint from the multi-factor exception. This produces the error above.
Expected behavior
I expect verifyPhoneNumber to behave exactly as it did during the enrollment process - it should just return the verification ID for use with the resolver.
Sample project
The repository does use some other libraries, but I've stripped out pretty much everything else. Please let me know if I need to remove more.
Additional context
- Enrollment works great - you can confirm the second factor in the Firebase console. This makes it all the more confusing why the error could possibly occur in the exact same configuration.
- This code works as expected on iOS, but it is not in the report repository. You are able to log in successfully, and the user is show under the login button. This leads us to believe the issue is in Android's platform-specific code, rather than the Dart side.
- Our setup does in fact use a tenant, but it's not clear if this is relevant information.
Flutter doctor
Run flutter doctor and paste the output below:
Click To Expand
misha@C02H82ETQ05P firebase-auth-bug-report % flutter doctor
Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, 3.3.2, on macOS 12.4 21F79 darwin-arm, locale en-JP)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2021.2)
[✓] VS Code (version 1.71.2)
[✓] Connected device (3 available)
[✓] HTTP Host Availability
• No issues found!
Flutter dependencies
Run flutter pub deps -- --style=compact and paste the output below:
Click To Expand
misha@C02H82ETQ05P firebase-auth-bug-report % flutter pub deps -- --style=compact
Dart SDK 2.18.1
Flutter SDK 3.3.2
mfa_app 1.0.0+1
dependencies:
- cupertino_icons 1.0.5
- firebase_auth 3.9.0 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 1.22.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_hooks 0.18.5+1 [flutter]
- freezed_annotation 2.1.0 [collection json_annotation meta]
- hooks_riverpod 1.0.4 [collection flutter flutter_hooks flutter_riverpod riverpod state_notifier]
- json_annotation 4.6.0 [meta]
dev dependencies:
- build_runner 2.2.0 [args async analyzer build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml]
- flutter_lints 2.0.1 [lints]
- flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters collection matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph]
- freezed 2.1.0+1 [analyzer build build_config collection meta source_gen freezed_annotation json_annotation]
- json_serializable 6.3.1 [analyzer async build build_config collection json_annotation meta path pub_semver pubspec_parse source_gen source_helper]
transitive dependencies:
- _fe_analyzer_shared 43.0.0 [meta]
- analyzer 4.3.1 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml]
- args 2.3.1
- async 2.9.0 [collection meta]
- boolean_selector 2.1.0 [source_span string_scanner]
- build 2.3.0 [analyzer async convert crypto glob logging meta path]
- build_config 1.1.0 [checked_yaml json_annotation path pubspec_parse yaml]
- build_daemon 3.1.0 [built_collection built_value http_multi_server logging path pool shelf shelf_web_socket stream_transform watcher web_socket_channel]
- build_resolvers 2.0.9 [analyzer async build crypto graphs logging path package_config pool pub_semver stream_transform yaml]
- build_runner_core 7.2.3 [async build build_config build_resolvers collection convert crypto glob graphs json_annotation logging meta path package_config pool timing watcher yaml]
- built_collection 5.1.1
- built_value 8.4.0 [built_collection collection fixnum meta]
- characters 1.2.1
- checked_yaml 2.0.1 [json_annotation source_span yaml]
- clock 1.1.1
- code_builder 4.1.0 [built_collection built_value collection matcher meta]
- collection 1.16.0
- convert 3.0.2 [typed_data]
- crypto 3.0.2 [typed_data]
- dart_style 2.2.3 [analyzer args path pub_semver source_span]
- fake_async 1.3.1 [clock collection]
- file 6.1.2 [meta path]
- firebase_auth_platform_interface 6.8.0 [collection firebase_core flutter meta plugin_platform_interface]
- firebase_auth_web 4.4.1 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser intl js meta]
- firebase_core_platform_interface 4.5.1 [collection flutter flutter_test meta plugin_platform_interface]
- firebase_core_web 1.7.2 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
- fixnum 1.0.1
- flutter_riverpod 1.0.4 [collection flutter meta riverpod state_notifier]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- frontend_server_client 2.1.3 [async path]
- glob 2.1.0 [async collection file path string_scanner]
- graphs 2.1.0 [collection]
- http_multi_server 3.2.1 [async]
- http_parser 4.0.1 [collection source_span string_scanner typed_data]
- intl 0.17.0 [clock path]
- io 1.0.3 [meta path string_scanner]
- js 0.6.4
- lints 2.0.0
- logging 1.0.2
- matcher 0.12.12 [stack_trace]
- material_color_utilities 0.1.5
- meta 1.8.0
- mime 1.0.2
- package_config 2.1.0 [path]
- path 1.8.2
- plugin_platform_interface 2.1.2 [meta]
- pool 1.5.1 [async stack_trace]
- pub_semver 2.1.1 [collection meta]
- pubspec_parse 1.2.0 [checked_yaml collection json_annotation pub_semver yaml]
- riverpod 1.0.3 [collection meta state_notifier]
- shelf 1.3.1 [async collection http_parser path stack_trace stream_channel]
- shelf_web_socket 1.0.2 [shelf stream_channel web_socket_channel]
- sky_engine 0.0.99
- source_gen 1.2.2 [analyzer async build dart_style glob meta path source_span yaml]
- source_helper 1.3.2 [analyzer collection source_gen]
- source_span 1.9.0 [collection path term_glyph]
- stack_trace 1.10.0 [path]
- state_notifier 0.7.2+1 [meta]
- stream_channel 2.1.0 [async]
- stream_transform 2.0.0
- string_scanner 1.1.1 [source_span]
- term_glyph 1.2.1
- test_api 0.4.12 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher]
- timing 1.0.0 [json_annotation]
- typed_data 1.3.1 [collection]
- vector_math 2.1.2
- watcher 1.0.1 [async path]
- web_socket_channel 2.2.0 [async crypto stream_channel]
- yaml 3.1.1 [collection source_span string_scanner]
Thanks for the detailed report and sample repo @misha-mercari
Looking at the error, unknown status code: 17499 INVALID_PROJECT_ID:Project ID does not match MFA pending credential. , it indicates some config mismatch at the project level.
In your google-services.json, do you by any chance have multiple client_id under oauth_client ? Can you also confirm if the project_number in your google-services.json is same as that in firebase console ?
Also, I see that you are using tenant in your app. Just to be sure that the error is not occuring due to it, does the same behavior occur without it ?
In your google-services.json, do you by any chance have multiple client_id under oauth_client ?
There are two client_id objects in my google-services.json.
Can you also confirm if the project_number in your google-services.json is same as that in firebase console?
I confirmed that the project_number is the same between my google-services.json and the Firebase console.
Also, I see that you are using tenant in your app. Just to be sure that the error is not occurring due to it, does the same behavior occur without it?
To confirm this, I performed the following:
- Added a new account to the base Firebase project via the console.
- Sent myself a reset password email to verify the email address.
- Removed the tenant line from the app and rebuilt the app.
- Entered the email and password in the app to enroll in MFA.
- Entered the email and password in the app again to try to log in.
For the phone number and SMS code, I used a test number/code I configured in the console.
I succeeded logging in with MFA. I can confirm that the error is in fact related to the usage of a tenant.
I can confirm that the error is in fact related to the usage of a tenant.
Thanks for confirming. Since this is related to MFA, I am not sure if providing the tenant Id to multi factor authentication is conflicting or not supported yet. May it requires support for multi tenancy for MFA ?
Can you check this thread and see if it helps ?
I read the thread, and I think it's focused on multi-tenant support in general. Our multi-tenant Firebase app works great already, so I'm not sure what the other commenters there are waiting for. There's also no mention of MFA at all. Ultimately, I don't think it's related to this issue.
I would hesitate to claim that it's not supported yet - after all, iOS works exactly as expected.
I guess we're looking for tickets involving both tenants and MFA looking forward.
Thanks for the feedback. I looked at the sample repo you shared and going through it, observed that it is using some external packages such as flutter_hooks, hooks_riverpod and freezed_annotation. In order to complete isolate this behavior to firebase_auth, would be good if you try to just replicate it without using any of above packages and only keep it to firebase_auth and see if it still replicates. With this, I am trying to see if the issue occurs solely using firebase_auth or not.
@darshankawar
I've gone ahead and removed every dependency except firebase_auth. The bug still replicates.
Please let me know if I can provide any additional information.
Thanks for the updated code sample and effort to put it together. I tried to run it on Android Samsung device, but have been unable to replicate it. Based on the report and error received, I am labeling this for further insights from the team.
/cc @Lyokone
According to Google's official documentation, MFA with multi-tenancy is not supported. I could reproduce your bug but there is nothing I can do to fix this.
Thanks @Lyokone. Is it same as I mentioned earlier https://github.com/firebase/flutterfire/issues/9550#issuecomment-1249367594 ?
Thanks @Lyokone. Is it same as I mentioned earlier #9550 (comment) ?
Not really, the mentioned question is outdated as support for tenantId is now provided
@Lyokone Thanks for the information. I guess we have no choice but to not use tenants for the time being.
Is there any way to check on the priority and/or progress of fixing this?
There is currently no open tickets in Firebase iOS SDK and Android SDK. You can open a ticket in those to check the status.
I've talked to my team and we've decided that there's no choice but to use a configuration without tenants for the foreseeable future.
Thank you @darshankawar and @Lyokone for your help! Feel free to close/manage this ticket as necessary.