🐛 [FIREBASE_AUTH] In Phone Authentication, when using codeSent, verification Id is not returning a 6 digit number.

[dshundal94]

Bug report

Describe the bug
In Phone Authentication, when the codeSent function is called, the verificationID that is being printed to the console is not returning a 6 digit number, instead it is returning a long string of random combination of letters and numbers. Tried this both on Windows and Mac M1 Pro computer. The verification ID that is returned is always the same, regardless of phone number being used.

I could not enable SafetyNet since it was after the 1/31/2023 deadline, and I have PlayIntegrity API enabled on google cloud console and firebase console. I also have SHA-1 and SHA-256 keys in the console. The app is in debug mode and appCheck is being used with AndroidProvider.debug, I've also tried it with PlayIntegrity. I have some numbers whitelisted in Firebase Console for testing. I am testing on an Android Device, recaptcha verification is being shown even with AppCheck enabled. I couldn't find any other documentation of this behavior online, so I'm not quite sure why I'm getting this behavior.

Steps to reproduce

Here is an example repository: https://github.com/dshundal94/phoneAuthTest

Note: Even when creating a new repository for testing, the verification ID that is being sent is the same as my main app.
Steps to reproduce the behavior:

final FirebaseAuth _auth = FirebaseAuth.instance;

_auth.verifyPhoneNumber(
          phoneNumber: number?.completeNumber,
          verificationCompleted: _verificationCompleted,
          verificationFailed: _verificationFailed,
          codeSent: _codeSent,
          codeAutoRetrievalTimeout: _codeTimeout);

 _verificationCompleted(PhoneAuthCredential authCredential) async {
    print('does this get activated');
    final auth = Provider.of<AuthService>(context, listen: false);
    UserApp? currentUser = auth.currentUser();
  }

  _verificationFailed(FirebaseAuthException exception) {
    if (exception.code == 'invalid-phone-number') {
      print("Number Invalid");
    }
  }

  _codeSent(String verificationID, int? forceResendingToken) {
    print('verification id is $verificationID');
    print('forceresendingtoken is $forceResendingToken');
  }

  _codeTimeout(String timeout) {
    return null;
  }

When printing to console, I get this:

I/flutter (19251): verification id is AK-jXHBLDyFXKEBe0nlc6HNE-gu8z93UlRXRiRy6G_a0lLDK5NCzUwp7eT2-tyVMEZrDFN4w7wndKcDDwCT4RRSxNB0kpzB2sPROXudSC7KCIDZZxLij-fbsrs8Aat8firrS9nlFI-gJx_5JyJ8FdEnkfNi_z0mxpQ
I/flutter (19251): forceresendingtoken is 61030192

Expected behavior

The expected behavior is the verification ID returns a 6 digit number.

---

Flutter doctor

Run flutter doctor and paste the output below:

Click To Expand

Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, 3.7.6, on macOS 13.0.1 22A400 darwin-arm64, locale en-US)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
[✓] Xcode - develop for iOS and macOS (Xcode 14.2)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2021.2)
[✓] VS Code (version 1.68.1)
[✓] Connected device (3 available)
[✓] HTTP Host Availability

• No issues found!```

</details>

---

### Flutter dependencies

Run `flutter pub deps -- --style=compact` and paste the output below:

<details><summary>Click To Expand</summary>

- cached_network_image 3.2.2 [flutter flutter_cache_manager octo_image cached_network_image_platform_interface cached_network_image_web]
- camera 0.10.0+4 [camera_android camera_avfoundation camera_platform_interface camera_web flutter flutter_plugin_android_lifecycle quiver]
- characters 1.2.1
- circular_profile_avatar 2.0.5 [flutter cached_network_image]
- cloud_firestore 4.0.2 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- crypto 3.0.2 [typed_data]
- cupertino_icons 1.0.5
- email_validator 2.1.17
- firebase_analytics 10.1.4 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_app_check 0.1.1+12 [firebase_app_check_platform_interface firebase_app_check_web firebase_core firebase_core_platform_interface flutter]
- firebase_auth 4.2.9 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 2.7.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_database 10.0.14 [firebase_core firebase_core_platform_interface firebase_database_platform_interface firebase_database_web flutter]
- firebase_dynamic_links 5.0.15 [firebase_core firebase_core_platform_interface firebase_dynamic_links_platform_interface flutter meta plugin_platform_interface]
- firebase_storage 11.0.14 [firebase_core firebase_core_platform_interface firebase_storage_platform_interface firebase_storage_web flutter]
- flare_flutter 3.0.2 [collection flutter meta]
- flutter 0.0.0 [characters collection js material_color_utilities meta vector_math sky_engine]
- flutter_cache_manager 3.3.0 [clock collection file flutter http path path_provider pedantic rxdart sqflite uuid]
- flutter_spinkit 5.1.0 [flutter]
- flutter_statusbarcolor_ns 0.4.0 [flutter]
- flutter_svg 1.1.5 [flutter meta path_drawing vector_math xml]
- google_fonts 3.0.1 [flutter http path_provider crypto]
- google_sign_in 5.4.2 [flutter google_sign_in_android google_sign_in_ios google_sign_in_platform_interface google_sign_in_web]
- image_picker 0.8.6 [flutter image_picker_android image_picker_for_web image_picker_ios image_picker_platform_interface]
- intl_phone_field 3.1.0 [flutter]
- permission_handler 10.2.0 [flutter meta permission_handler_android permission_handler_apple permission_handler_windows permission_handler_platform_interface]
- persistent_bottom_nav_bar 5.0.2 [flutter]
- pin_code_fields 7.4.0 [flutter]
- provider 6.0.4 [collection flutter nested]
- sign_in_with_apple 4.1.0 [flutter meta sign_in_with_apple_platform_interface sign_in_with_apple_web]

dev dependencies:
- flutter_launcher_icons 0.10.0 [args checked_yaml cli_util image json_annotation path yaml]
- flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters collection js matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph]

transitive dependencies:
- _flutterfire_internals 1.0.16 [collection firebase_core firebase_core_platform_interface flutter meta]
- archive 3.3.2 [crypto path]
- args 2.3.1
- async 2.10.0 [collection meta]
- boolean_selector 2.1.1 [source_span string_scanner]
- cached_network_image_platform_interface 2.0.0 [flutter flutter_cache_manager]
- cached_network_image_web 1.0.2 [flutter flutter_cache_manager cached_network_image_platform_interface]
- camera_android 0.10.0+3 [camera_platform_interface flutter flutter_plugin_android_lifecycle stream_transform]
- camera_avfoundation 0.9.8+6 [camera_platform_interface flutter stream_transform]
- camera_platform_interface 2.2.2 [cross_file flutter plugin_platform_interface stream_transform]
- camera_web 0.3.0+1 [camera_platform_interface flutter flutter_web_plugins stream_transform]
- checked_yaml 2.0.1 [json_annotation source_span yaml]
- cli_util 0.3.5 [meta path]
- clock 1.1.1
- cloud_firestore_platform_interface 5.8.2 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- cloud_firestore_web 3.0.2 [_flutterfire_internals cloud_firestore_platform_interface collection firebase_core firebase_core_web flutter flutter_web_plugins js]
- collection 1.17.0
- cross_file 0.3.3+2 [js meta]
- fake_async 1.3.1 [clock collection]
- ffi 2.0.1
- file 6.1.4 [meta path]
- firebase_analytics_platform_interface 3.3.21 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_analytics_web 0.5.1+12 [_flutterfire_internals firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- firebase_app_check_platform_interface 0.0.5+15 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_app_check_web 0.0.7+15 [_flutterfire_internals firebase_app_check_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- firebase_auth_platform_interface 6.11.11 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- firebase_auth_web 5.2.8 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser intl js meta]
- firebase_core_platform_interface 4.5.3 [collection flutter flutter_test meta plugin_platform_interface]
- firebase_core_web 2.2.1 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
- firebase_database_platform_interface 0.2.2+21 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- firebase_database_web 0.2.1+23 [firebase_core firebase_core_web firebase_database_platform_interface flutter flutter_web_plugins js]
- firebase_dynamic_links_platform_interface 0.2.3+30 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_storage_platform_interface 4.1.30 [collection firebase_core flutter meta plugin_platform_interface]
- firebase_storage_web 3.3.23 [_flutterfire_internals async firebase_core firebase_core_web firebase_storage_platform_interface flutter flutter_web_plugins http js meta]
- flutter_blurhash 0.7.0 [flutter]
- flutter_plugin_android_lifecycle 2.0.7 [flutter]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- google_sign_in_android 6.1.1 [flutter google_sign_in_platform_interface]
- google_sign_in_ios 5.5.0 [flutter google_sign_in_platform_interface]
- google_sign_in_platform_interface 2.3.0 [flutter plugin_platform_interface quiver]
- google_sign_in_web 0.10.2 [flutter flutter_web_plugins google_sign_in_platform_interface js]
- http 0.13.5 [async http_parser meta path]
- http_parser 4.0.2 [collection source_span string_scanner typed_data]
- image 3.2.2 [archive meta xml]
- image_picker_android 0.8.5+3 [flutter flutter_plugin_android_lifecycle image_picker_platform_interface]
- image_picker_for_web 2.1.10 [flutter flutter_web_plugins image_picker_platform_interface]
- image_picker_ios 0.8.6+1 [flutter image_picker_platform_interface]
- image_picker_platform_interface 2.6.2 [cross_file flutter http plugin_platform_interface]
- intl 0.17.0 [clock path]
- js 0.6.5 [meta]
- json_annotation 4.7.0 [meta]
- matcher 0.12.13 [meta stack_trace]
- material_color_utilities 0.2.0
- meta 1.8.0
- nested 1.0.0 [flutter]
- octo_image 1.0.2 [flutter flutter_blurhash]
- path 1.8.2
- path_drawing 1.0.1 [vector_math meta path_parsing flutter]
- path_parsing 1.0.1 [vector_math meta]
- path_provider 2.0.11 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows]
- path_provider_android 2.0.20 [flutter path_provider_platform_interface]
- path_provider_ios 2.0.11 [flutter path_provider_platform_interface]
- path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_macos 2.0.6 [flutter path_provider_platform_interface]
- path_provider_platform_interface 2.0.5 [flutter platform plugin_platform_interface]
- path_provider_windows 2.1.3 [ffi flutter path path_provider_platform_interface win32]
- pedantic 1.11.1
- permission_handler_android 10.2.0 [flutter permission_handler_platform_interface]
- permission_handler_apple 9.0.7 [flutter permission_handler_platform_interface]
- permission_handler_platform_interface 3.9.0 [flutter meta plugin_platform_interface]
- permission_handler_windows 0.1.2 [flutter permission_handler_platform_interface]
- petitparser 5.1.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.3 [meta]
- process 4.2.4 [file path platform]
- quiver 3.1.0 [matcher]
- rxdart 0.27.5
- sign_in_with_apple_platform_interface 1.0.0 [flutter plugin_platform_interface meta]
- sign_in_with_apple_web 1.0.1 [flutter flutter_web_plugins sign_in_with_apple_platform_interface js]
- sky_engine 0.0.99
- source_span 1.9.1 [collection path term_glyph]
- sqflite 2.1.0+1 [flutter sqflite_common path]
- sqflite_common 2.3.0 [synchronized path meta]
- stack_trace 1.11.0 [path]
- stream_channel 2.1.1 [async]
- stream_transform 2.0.1
- string_scanner 1.2.0 [source_span]
- synchronized 3.0.0+3
- term_glyph 1.2.1
- test_api 0.4.16 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher]
- typed_data 1.3.1 [collection]
- uuid 3.0.6 [crypto]
- vector_math 2.1.4
- win32 3.0.1 [ffi]
- xdg_directories 0.2.0+2 [meta path process]
- xml 6.1.0 [collection meta petitparser]
- yaml 3.1.1 [collection source_span string_scanner]```

---

[darshankawar]

Thanks for the report @dshundal94
Does verificationCompleted function get called ? This would indicate that the user is already signed in.

The app is in debug mode and appCheck is being used with AndroidProvider.debug, I've also tried it with PlayIntegrity

In order to narrow down the behavior strictly to firebase_auth and a possibility of app_check setting causing this, is it possible for you to run again in debug mode without appcheck and see if the behavior persists or not ?

[dshundal94]

Thanks for the report @dshundal94 Does verificationCompleted function get called ? This would indicate that the user is already signed in.

The app is in debug mode and appCheck is being used with AndroidProvider.debug, I've also tried it with PlayIntegrity

In order to narrow down the behavior strictly to firebase_auth and a possibility of app_check setting causing this, is it possible for you to run again in debug mode without appcheck and see if the behavior persists or not ?

Hey @darshankawar, thanks for the suggestions!

The verificationCompleted function does not get called in this case. I also updated the repository to do this without app_check and the behavior still persists. In the firebase console, app_check is still enabled, but in the repository there is no code associated with app_check. Should I create another project and repository without app_check enabled?

Furthermore, in the console after the verificationId and forceResendingToken is printed, I also get this warning message sometimes:

W/FirebaseAuth(22984): [SmsRetrieverHelper] Timed out waiting for SMS.

However, I still receive a 6 digit code when testing with a real device. Is there anything else you would want me to test out, I would be glad to try any suggestion :)

EDIT: Here is a repository without using app_check and this still gets the same behavior: https://github.com/dshundal94/phoneAuthWithoutAppCheck

[darshankawar]

Thanks for the update.

W/FirebaseAuth(22984): [SmsRetrieverHelper] Timed out waiting for SMS.

This seems to be coming from native SDK and not from flutterfire, so I suggest you to take a look at this related issue for further reference: firebase/firebase-android-sdk#2688 and #4916 (comment)

Here is a repository without using app_check and this still gets the same behavior: https://github.com/dshundal94/phoneAuthWithoutAppCheck

I see that you have not initialised firebase app using latest tool, ie flutterfire configure. I recommend to go through this document on how to use and implement it in order to initialize / integrate firebase app using it: https://firebase.google.com/docs/flutter/setup

It may be that the way you have initialised the app, could be mis-config or a setting issue.

[dshundal94]

Hey @darshankawar, appreciate the suggestions.

Thanks for the update.

This seems to be coming from native SDK and not from flutterfire, so I suggest you to take a look at this related issue for further reference: firebase/firebase-android-sdk#2688 and #4916 (comment)

Thank you, I will take a look at this!

I see that you have not initialised firebase app using latest tool, ie flutterfire configure. I recommend to go through this document on how to use and implement it in order to initialize / integrate firebase app using it: https://firebase.google.com/docs/flutter/setup

It may be that the way you have initialised the app, could be mis-config or a setting issue.

That was also a good suggestion, I did it however, and I still am getting the issue. The https://github.com/dshundal94/phoneAuthWithoutAppCheck repository is pushed with the updated changes.

[darshankawar]

I cloned the repo and ran it on simulator, but after entering the phone number, I don't see any action happening. The phone number prints in the console but nothing after that. Same on emulator as well. I used my demo firebase app and linked it with the repo clone.

I'll keep this issue open for team's insights on expected behavior or why the behavior is as reported.

/cc @Lyokone

[Lyokone]

It's normal that the verificationId is a long string. Please check the documentation.
You are supposed to provide the verificationId and the smsCode (that will be 6 digits and received only on your mobile device).

final credential = PhoneAuthProvider.credential(
  verificationId: verificationId,
  smsCode: smsCode,
);