🐛 [FIREBASE_AUTH] Can't sign in with MFA on iOS using firebase_auth 4.7.1

[rstieger]

Bug report

Describe the bug With firebase_auth 4.7.1 on iOS, trying to log into an account that uses MFA throws a multi-factor-auth-required exception that is not handled properly. A random hex address is displayed on the screen instead of asking for the SMS code. Auth state changes to AuthFailed instead of MFARequired

I did not see the bug with firebase_auth 4.6.2. I saw it after updating to firebase_auth 4.7.1 and running pod update Firebase/DynamicLinks for compatibility. (This was originally done in order to use firebase_ui_oauth_google 1.2.6, but I can reproduce the bug without using Google auth .)

Steps to reproduce

Steps to reproduce the behavior:

1. Register a new user account using firebase_ui_auth EmailAuthProvider()
2. Add MFA
3. Sign in with that user account

Expected behavior

Successful sign-in

Sample project

A minimal application will duplicate the bug:

import 'package:flutter/material.dart';

import 'package:firebase_core/firebase_core.dart';
import 'package:firebase_ui_auth/firebase_ui_auth.dart';

void main() async {
    WidgetsFlutterBinding.ensureInitialized();
    await Firebase.initializeApp();

    FirebaseUIAuth.configureProviders([
      EmailAuthProvider(),
    ]);

    runApp(MyApp());
}

class MyApp extends StatelessWidget {
  const MyApp({super.key}) ;

  @override
  Widget build(BuildContext context) {
    return MaterialApp(
      home: SignInScreen(
        actions: [
          AuthStateChangeAction<SignedIn>((context, state) {
            // redirect to other screen
            print('signed in!');
          }),
          AuthStateChangeAction((context, state) => print('auth state change $state'))
        ],
      ),
    );
  }
}

---

Additional context

Add any other context about the problem here.

---

Flutter doctor

Run flutter doctor and paste the output below:

Click To Expand

``` Doctor summary (to see all details, run flutter doctor -v): [✓] Flutter (Channel stable, 3.10.5, on macOS 13.4.1 22F770820d darwin-arm64, locale en-US) [✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0) [✓] Xcode - develop for iOS and macOS (Xcode 14.3.1) [✓] Chrome - develop for the web [✓] Android Studio (version 2022.2) [✓] VS Code (version 1.80.1) [✓] Connected device (4 available) [✓] Network resources • No issues found! ```

---

Flutter dependencies

Run flutter pub deps -- --style=compact and paste the output below:

Click To Expand

``` Dart SDK 3.0.5 Flutter SDK 3.10.5 google_auth_test 1.0.0+1 dependencies: - cupertino_icons 1.0.5 - firebase_auth 4.7.1 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta] - firebase_core 2.15.0 [firebase_core_platform_interface firebase_core_web flutter meta] - firebase_ui_auth 1.6.1 [email_validator firebase_auth firebase_core firebase_dynamic_links firebase_ui_localizations firebase_ui_oauth firebase_ui_shared flutter flutter_localizations] - flutter 0.0.0 [characters collection js material_color_utilities meta vector_math sky_engine] dev dependencies: - flutter_lints 2.0.2 [lints] - flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters collection js matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph] transitive dependencies: - _flutterfire_internals 1.3.4 [collection firebase_core firebase_core_platform_interface flutter meta] - args 2.4.2 - async 2.11.0 [collection meta] - boolean_selector 2.1.1 [source_span string_scanner] - characters 1.3.0 - clock 1.1.1 - collection 1.17.1 - crypto 3.0.3 [typed_data] - desktop_webview_auth 0.0.13 [crypto flutter http flutter_web_plugins plugin_platform_interface] - email_validator 2.1.17 - fake_async 1.3.1 [clock collection] - firebase_auth_platform_interface 6.16.0 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface] - firebase_auth_web 5.6.1 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser js meta] - firebase_core_platform_interface 4.8.0 [collection flutter flutter_test meta plugin_platform_interface] - firebase_core_web 2.6.0 [firebase_core_platform_interface flutter flutter_web_plugins js meta] - firebase_dynamic_links 5.3.4 [firebase_core firebase_core_platform_interface firebase_dynamic_links_platform_interface flutter meta plugin_platform_interface] - firebase_dynamic_links_platform_interface 0.2.6+4 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_ui_localizations 1.5.0 [flutter flutter_localizations path] - firebase_ui_oauth 1.4.6 [desktop_webview_auth firebase_auth firebase_ui_auth firebase_ui_shared flutter_svg flutter] - firebase_ui_shared 1.3.0 [flutter] - flutter_localizations 0.0.0 [flutter intl characters clock collection js material_color_utilities meta path vector_math] - flutter_svg 2.0.7 [flutter vector_graphics vector_graphics_codec vector_graphics_compiler] - flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math] - http 1.1.0 [async http_parser meta] - http_parser 4.0.2 [collection source_span string_scanner typed_data] - intl 0.18.0 [clock meta path] - js 0.6.7 [meta] - lints 2.1.1 - matcher 0.12.15 [async meta stack_trace term_glyph test_api] - material_color_utilities 0.2.0 - meta 1.9.1 - path 1.8.3 - path_parsing 1.0.1 [vector_math meta] - petitparser 5.4.0 [meta] - plugin_platform_interface 2.1.4 [meta] - sky_engine 0.0.99 - source_span 1.9.1 [collection path term_glyph] - stack_trace 1.11.0 [path] - stream_channel 2.1.1 [async] - string_scanner 1.2.0 [source_span] - term_glyph 1.2.1 - test_api 0.5.1 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher] - typed_data 1.3.2 [collection] - vector_graphics 1.1.7 [flutter vector_graphics_codec] - vector_graphics_codec 1.1.7 - vector_graphics_compiler 1.1.7 [args meta path_parsing xml vector_graphics_codec] - vector_math 2.1.4 - xml 6.3.0 [collection meta petitparser]```

---

[danagbemava-nc]

Hi @rstieger, thanks for filing the issue, kindly share the full error message that you receive.

[Shawn-sudo]

I'm also experiencing this issue :/

For me, simply downgrading firebase_auth package to 4.6.2 didn't solve the problem, but adding this line in pubspec.yaml solved it:

firebase_auth_platform_interface: 6.15.1

firebase_auth package depends on firebase_auth_platform_interface for platform interaction, and I think there's a problem with firebase_auth_platform_interface >= 6.16.0

Similar issue (maybe unrelated): https://github.com/firebase/flutterfire/issues/10966

[Shawn-sudo]

@danagbemava-nc

Hi @rstieger, thanks for filing the issue, kindly share the full error message that you receive.

@rstieger said "A random hex address is displayed on the screen instead of asking for the SMS code." That looks like this for me:

One thing to add, I was expecting FirebaseAuth.instance.signInWithEmailAndPassword() to throw an instance of FirebaseAuthMultiFactorException when a user with MFA enabled tries to login, but the sign in method threw a FirebaseAuthException instead. I think that's the reason behind the auth state changing into AuthFailed instead of MFARequired for @rstieger's case

[danagbemava-nc]

Thanks for the clarification. I was also able to reproduce the bug using the plugin example code. I was able to sign in at first but after enabling 2-step verification, I got the error below on the sign in page.

[danagbemava-nc]

cc @Lyokone

[rstieger]

Thank you @danagbemava-nc for posting the screenshot. That is what I meant by random hex address. I see the same exception that @Shawn-sudo captured in a debugger if I break on exceptions.