🐛 [FIREBASE_AUTH] The message field of `FirebaseAuthException` contains broken JSON when receiving `BLOCKING_FUNCTION_ERROR_RESPONSE`

[Isti01]

Bug report

When a blocking function rejects the login the json payload has unexpected characters.

This is the error message of the PlatformException: An internal error has occurred. [ BLOCKING_FUNCTION_ERROR_RESPONSE:HTTP Cloud Function returned an error: {"error":{"details":"The user is not allowed to log in","message":"","status":"PERMISSION_DENIED"}} ]

This is the message field of the FirebaseAuthException: {"error":{"details":"The user is not allowed to log in","message":"","status":"PERMISSION_DENIED"}} ]

Steps to reproduce

Steps to reproduce the behavior:

1. Set up a Firebase Auth with a blocking function that rejects all logins and sends a JSON payload back.
2. Sign in with Firebase Auth

   
   final AuthCredential credential = /* get an auth credential from your provider of choice */;

await FirebaseAuth.instance.signInWithCredential(credential);

### Expected behavior

Have a valid JSON object as the message of the `FirebaseAuthException` that is thrown.

This would be the valid output for the former input:
`{"error":{"details":"The user is not allowed to log in","message":"","status":"PERMISSION_DENIED"}}`

---

### Flutter doctor

Run `flutter doctor` and paste the output below:

<details><summary>Click To Expand</summary>

Doctor summary (to see all details, run flutter doctor -v): Flutter (Channel stable, 3.13.1, on Microsoft Windows [Version 10.0.22621.2134], locale hu-HU) Windows Version (Installed version of Windows is version 10 or higher) Android toolchain - develop for Android devices (Android SDK version 34.0.0) Chrome - develop for the web Visual Studio - develop Windows apps (Visual Studio Community 2022 17.3.6) Android Studio (version 2022.3) IntelliJ IDEA Ultimate Edition (version 2023.2) VS Code (version 1.79.2) Connected device (4 available) Network resources

No issues found!

</details>

---

### Flutter dependencies

Run `flutter pub deps -- --style=compact` and paste the output below:

<details><summary>Click To Expand</summary>

Dart SDK 3.1.0 Flutter SDK 3.13.1 my_app 1.0.0+1

dependencies:

• bloc 8.1.2 [meta]
• cloud_firestore 4.9.0 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
• cloud_functions 4.4.0 [cloud_functions_platform_interface cloud_functions_web firebase_core firebase_core_platform_interface flutter]
• cupertino_icons 1.0.5
• email_validator 2.1.17
• expandable_page_view 1.0.17 [flutter]
• firebase_auth 4.8.0 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
• firebase_core 2.15.1 [firebase_core_platform_interface firebase_core_web flutter meta]
• firebase_crashlytics 3.3.5 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
• firebase_database 10.2.5 [firebase_core firebase_core_platform_interface firebase_database_platform_interface firebase_database_web flutter]
• flutter 0.0.0 [characters collection material_color_utilities meta vector_math web sky_engine]
• flutter_bloc 8.1.3 [bloc flutter provider]
• flutter_html 3.0.0-beta.2 [html csslib collection list_counter flutter]
• flutter_map 4.0.0 [async collection flutter http latlong2 meta polylabel proj4dart tuple vector_math]
• flutter_map_marker_cluster 1.1.1 [flutter flutter_map flutter_map_marker_popup latlong2]
• fluttertoast 8.2.2 [flutter flutter_web_plugins]
• freezed_annotation 2.4.1 [collection json_annotation meta]
• google_sign_in 6.1.4 [flutter google_sign_in_android google_sign_in_ios google_sign_in_platform_interface google_sign_in_web]
• http 0.13.6 [async http_parser meta]
• json_annotation 4.8.1 [meta]
• latlong2 0.8.2 [intl]
• location 5.0.3 [flutter location_platform_interface location_web]
• mobile_scanner 3.4.1 [flutter flutter_web_plugins js]
• optional 6.1.0+1 [collection]
• qr_flutter 4.1.0 [flutter qr]
• rxdart 0.27.7
• sliver_tools 0.2.12 [flutter]
• webview_flutter 4.2.3 [flutter webview_flutter_android webview_flutter_platform_interface webview_flutter_wkwebview]

dev dependencies:

• build_runner 2.4.6 [analyzer args async build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml]
• flutter_lints 2.0.2 [lints]
• flutter_test 0.0.0 [flutter test_api matcher path fake_async clock stack_trace vector_math async boolean_selector characters collection material_color_utilities meta source_span stream_channel string_scanner term_glyph web]
• freezed 2.4.2 [analyzer build build_config collection meta source_gen freezed_annotation json_annotation]
• json_serializable 6.7.1 [analyzer async build build_config collection json_annotation meta path pub_semver pubspec_parse source_gen source_helper]

transitive dependencies:

• _fe_analyzer_shared 64.0.0 [meta]
• _flutterfire_internals 1.3.5 [collection firebase_core firebase_core_platform_interface flutter meta]
• analyzer 6.2.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml]
• animated_stack_widget 0.0.4 [flutter]
• args 2.4.2
• async 2.11.0 [collection meta]
• boolean_selector 2.1.1 [source_span string_scanner]
• build 2.4.1 [analyzer async convert crypto glob logging meta package_config path]
• build_config 1.1.1 [checked_yaml json_annotation path pubspec_parse yaml]
• build_daemon 4.0.0 [built_collection built_value http_multi_server logging path pool shelf shelf_web_socket stream_transform watcher web_socket_channel]
• build_resolvers 2.2.1 [analyzer async build collection crypto graphs logging package_config path pool pub_semver stream_transform yaml]
• build_runner_core 7.2.10 [async build build_config build_resolvers collection convert crypto glob graphs json_annotation logging meta package_config path pool timing watcher yaml]
• built_collection 5.1.1
• built_value 8.6.2 [built_collection collection fixnum meta]
• characters 1.3.0
• checked_yaml 2.0.3 [json_annotation source_span yaml]
• clock 1.1.1
• cloud_firestore_platform_interface 5.16.0 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
• cloud_firestore_web 3.7.0 [_flutterfire_internals cloud_firestore_platform_interface collection firebase_core firebase_core_web flutter flutter_web_plugins js]
• cloud_functions_platform_interface 5.5.0 [firebase_core flutter meta plugin_platform_interface]
• cloud_functions_web 4.6.0 [cloud_functions_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
• code_builder 4.5.0 [built_collection built_value collection matcher meta]
• collection 1.17.2
• convert 3.1.1 [typed_data]
• crypto 3.0.3 [typed_data]
• csslib 0.17.3 [source_span]
• dart_style 2.3.2 [analyzer args path pub_semver source_span]
• fake_async 1.3.1 [clock collection]
• file 7.0.0 [meta path]
• firebase_auth_platform_interface 6.17.0 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
• firebase_auth_web 5.7.0 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser js meta]
• firebase_core_platform_interface 4.8.0 [collection flutter flutter_test meta plugin_platform_interface]
• firebase_core_web 2.7.0 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
• firebase_crashlytics_platform_interface 3.6.5 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
• firebase_database_platform_interface 0.2.5+5 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
• firebase_database_web 0.2.3+5 [firebase_core firebase_core_web firebase_database_platform_interface flutter flutter_web_plugins js]
• fixnum 1.1.0
• flutter_map_marker_popup 4.1.0 [flutter animated_stack_widget flutter_map latlong2 provider]
• flutter_web_plugins 0.0.0 [flutter characters collection material_color_utilities meta vector_math web]
• frontend_server_client 3.2.0 [async path]
• glob 2.1.2 [async collection file path string_scanner]
• google_identity_services_web 0.2.1 [js meta]
• google_sign_in_android 6.1.18 [flutter google_sign_in_platform_interface]
• google_sign_in_ios 5.6.2 [flutter google_sign_in_platform_interface]
• google_sign_in_platform_interface 2.4.1 [flutter plugin_platform_interface quiver]
• google_sign_in_web 0.12.0+3 [flutter flutter_web_plugins google_identity_services_web google_sign_in_platform_interface http js]
• graphs 2.3.1 [collection]
• html 0.15.4 [csslib source_span]
• http_multi_server 3.2.1 [async]
• http_parser 4.0.2 [collection source_span string_scanner typed_data]
• intl 0.18.1 [clock meta path]
• io 1.0.4 [meta path string_scanner]
• js 0.6.7 [meta]
• lints 2.1.1
• list_counter 1.0.2
• lists 1.0.1 [meta]
• location_platform_interface 3.1.2 [flutter plugin_platform_interface]
• location_web 4.2.0 [flutter flutter_web_plugins http_parser js location_platform_interface]
• logging 1.2.0
• matcher 0.12.16 [async meta stack_trace term_glyph test_api]
• material_color_utilities 0.5.0 [collection]
• meta 1.9.1
• mgrs_dart 2.0.0 [unicode]
• mime 1.0.4
• nested 1.0.0 [flutter]
• package_config 2.1.0 [path]
• path 1.8.3
• plugin_platform_interface 2.1.5 [meta]
• polylabel 1.0.1 [collection]
• pool 1.5.1 [async stack_trace]
• proj4dart 2.1.0 [mgrs_dart wkt_parser meta]
• provider 6.0.5 [collection flutter nested]
• pub_semver 2.1.4 [collection meta]
• pubspec_parse 1.2.3 [checked_yaml collection json_annotation pub_semver yaml]
• qr 3.0.1 [meta]
• quiver 3.2.1 [matcher]
• shelf 1.4.1 [async collection http_parser path stack_trace stream_channel]
• shelf_web_socket 1.0.4 [shelf stream_channel web_socket_channel]
• sky_engine 0.0.99
• source_gen 1.4.0 [analyzer async build dart_style glob path source_span yaml]
• source_helper 1.3.4 [analyzer collection source_gen]
• source_span 1.10.0 [collection path term_glyph]
• stack_trace 1.11.0 [path]
• stream_channel 2.1.1 [async]
• stream_transform 2.1.0
• string_scanner 1.2.0 [source_span]
• term_glyph 1.2.1
• test_api 0.6.0 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph]
• timing 1.0.1 [json_annotation]
• tuple 2.0.2
• typed_data 1.3.2 [collection]
• unicode 0.3.1 [lists]
• vector_math 2.1.4
• watcher 1.1.0 [async path]
• web 0.1.4-beta
• web_socket_channel 2.4.0 [async crypto stream_channel]
• webview_flutter_android 3.9.3 [flutter webview_flutter_platform_interface]
• webview_flutter_platform_interface 2.5.0 [flutter meta plugin_platform_interface]
• webview_flutter_wkwebview 3.7.3 [flutter path webview_flutter_platform_interface]
• wkt_parser 2.0.0
• yaml 3.1.2 [collection source_span string_scanner]

---

[russellwheatley]

I'm not sure on how you can block sign in from a cloud function if signing in via the SDK. Could you provide more details on how you achieved this? The way I can think it can be achieved is with custom claims, but you seem to intimate it can be stopped at the cloud function and the SDK reacts.

[Isti01]

We did it by using the beforeUserSignedIn event here is the documentation.

And throwing an error inside the function body, like this:

exports[functionName] = beforeUserSignedIn({region: "europe-west1"}, async (event) => {
  throw new HttpsError("failed-precondition", "", "User exists but not found in firestore");
}

[Isti01]

I submitted a PR with the fix for the issue, https://github.com/firebase/flutterfire/pull/11533

The e2e tests timed out, I hope it's not a problem