Firebase Phone Auth Error 400

Question

Just getting started with Firebase phone auth. Seems pretty slick however I've hit a wall with a bug.

 {
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "SESSION_EXPIRED"
   }
  ],
  "code": 400,
  "message": "SESSION_EXPIRED"
 }
}

Starting with the Captcha: (standard documentation code!)

  var applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container', {
      'size': 'invisible',
      'callback': function(response) {

      },
      'expired-callback': function() {

      }
    });

Its rendered and the captcha works well.

Next is the sign-in bit where you are sent the auth code to your phone. Works great:

$scope.signInWithPhoneNumber = function signInWithPhoneNumber() {


        var phoneNumber = "*censored*";
        var appVerifier = window.recaptchaVerifier;
        firebase.auth().signInWithPhoneNumber(phoneNumber, applicationVerifier)
          .then(function (confirmationResult) {
            // SMS sent. Prompt user to type the code from the message, then sign the
            // user in with confirmationResult.confirm(code).
            window.confirmationResult = confirmationResult;




            $scope.setConfirmationResult(confirmationResult);
            alert('Result: ' + JSON.stringify(confirmationResult));
          }).catch(function (error) {
          // Error; SMS not sent
          alert('Error: ' + error);
          // ...
        });
      };

Finally its the authentication of the code that the user inputs from the text message. Here is when I get the error 400:

$scope.AuthenticateCode = function (code) {


        var code = String(document.getElementById("auth_code").value);

        var confirmationResult = $scope.getConfirmationResult();
        alert(code);
        confirmationResult.confirm(code).then(function (result) {
          // User signed in successfully.
          var user = result.user;
          console.log('Signed In! ' + JSON.stringify(user));
          // ...
        }).catch(function (error) {
          // User couldn't sign in (bad verification code?)
          // ...
        });

      }//end of AuthenticateCode

The error is coming from the VerifyPhone method: https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPhoneNumber?key=censored

Any help or ideas?

Many Thanks, Kieran

Answer 1

I got into a similar situation when a POST request to google API was returning Bad Request 400. When the message was logged, it said:

All requests from this device are blocked due to Unusual Activity. Please try again later

The issue was when the ReCaptcha was sensing a bot out of my development environment and it worked well when I tried later. During the rest of the development, I turned off this feature for easy work.

Answer 2

You are most likely to forget the "Country Code" before the phone no. That is why firebase throw error 400 which means invalid parameters

Answer 3

If it's an Ionic3 project, change the following lines:

Imports:

import { AngularFireAuth } from 'angularfire2/auth';
import firebase from 'firebase';

Create var:

public recaptchaVerifier: firebase.auth.RecaptchaVerifier;

on "ionViewDidLoad()"

this.recaptchaVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');

on "your_method(phoneNumber: number)"

const appVerifier = this.recaptchaVerifier;
const phoneNumberString = "+" + phoneNumber;
this.fireAuth.auth.signInWithPhoneNumber(phoneNumberString, appVerifier)
  .then(confirmationResult => {
    // SMS sent. Prompt user to type the code from the message, then sign the
    // user in with confirmationResult.confirm(code).
    let prompt = this.alertCtrl.create({
      title: 'Enter the Confirmation code',
      inputs: [{ name: 'confirmationCode', placeholder: 'Confirmation Code' }],
      buttons: [
        {
          text: 'Cancel',
          handler: data => { console.log('Cancel clicked'); }
        },
        {
          text: 'Send',
          handler: data => {
            confirmationResult.confirm(data.confirmationCode)
              .then(result => {
                // Phone number confirmed
              }).catch(error => {
                // Invalid
                console.log(error);
              });
          }
        }
      ]
    });
    prompt.present();
  })
  .catch(error => {
    console.error("SMS not sent", error);
  });

Reference: Firebase Phone Number Authentication

Answer 4

Ok, there are 2 likely reasons:

1. The code expired. The user took too long to provide the SMS code and finish sign in.
2. The code was already successfully used. I think this is the likely reason. You need to get a new verificationId in that case. Get a new reCAPTCHA token via the invisible reCAPTCHA you are using.