
I don't get error codes of Firebase Auth in my Flutter app (I only get INVALID_LOGIN_CREDENTIALS)


I use FirebaseAuth.instance.signInWithEmailAndPassword() in my Flutter/Dart code to test scenarios where users, for example, enter a wrong password or wrong email, etc., to get error codes like 'user-not-found', 'invalid-email', 'user-disabled' or 'wrong-password'. The problem is that the only error code that I get is 'INVALID_LOGIN_CREDENTIALS'.

This is my code:

  Future<AuthResult> signIn(String email, String password) async {
    try {
      await FirebaseAuth.instance.signInWithEmailAndPassword(
        email: email,
        password: password,
      );
      return AuthResult.success;
    } on FirebaseAuthException catch (e) {
      print(e.code);

      switch (e.code) {
        case 'user-not-found':
          return AuthResult.userNotFound;
        case 'invalid-email':
          return AuthResult.invalidEmail;
        case 'user-disabled':
          return AuthResult.userDisabled;
        case 'wrong-password':
          return AuthResult.wrongPassword;
        default:
          return AuthResult.failure;
      }
    } catch (_) {
      return AuthResult.aborted;
    }
  }

I also looked on Stack Overflow and GitHub to see if other people had this problem, and it looks like it has to do with email enumeration protection. I looked into the Google Cloud docs to see how to disable this, but this didn't solve my problem when following the instructions.

Link on how to disable it: https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection#disable

This is the error I get in the Google Cloud console when following the instructions:

curl: (3) URL using bad/illegal format or missing URL
curl: (6) Could not resolve host: Bearer
curl: (3) URL using bad/illegal format or missing URL
curl: (3) URL using bad/illegal format or missing URL
curl: (6) Could not resolve host: application
curl: (3) URL using bad/illegal format or missing URL
curl: (3) URL using bad/illegal format or missing URL
{
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "CREDENTIALS_MISSING",
        "domain": "googleapis.com",
        "metadata": {
          "service": "identitytoolkit.googleapis.com",
          "method": "google.cloud.identitytoolkit.admin.v2.ProjectConfigService.UpdateConfig"
        }
      }
    ]
  }
}

Solution

  • For Firebase projects created since September 15, 2023, the setting to protect against email enumeration is enabled by default. This setting makes it harder for a malicious user to find out what users are in your project by changing the responses of some APIs, and disabling other APIs completely.

    What you're seeing is the result of this setting, which is documented on this page on email enumeration protection.

    That page also shows how to disable email enumeration protection so that the API reverts to its previous behavior. Note that doing so will make your project/users susceptible to the risks of an email enumeration attack.
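
An added example, not part of the original question or answer: one way to leave email enumeration protection enabled and handle the generic code in the app, with a single user-facing message for every bad-email-or-password outcome. The names `AuthResult.invalidCredentials`, `mapSignInError` and `messageFor` are hypothetical, and the `invalid-credential` spelling is an assumption about newer SDK versions; the other code strings are the ones quoted in the question.

```dart
// Added example. Hypothetical names: AuthResult.invalidCredentials,
// mapSignInError, messageFor. Error-code strings are the ones on this page.
enum AuthResult {
  success, invalidCredentials, userNotFound, wrongPassword,
  invalidEmail, userDisabled, failure,
}

/// Maps a FirebaseAuthException.code string to an AuthResult.
AuthResult mapSignInError(String code) {
  // Treat 'INVALID_LOGIN_CREDENTIALS' and 'invalid-login-credentials' alike.
  switch (code.toLowerCase().replaceAll('_', '-')) {
    case 'invalid-login-credentials':
    case 'invalid-credential': // assumption: spelling used by newer SDK versions
      return AuthResult.invalidCredentials;
    case 'user-not-found':
      return AuthResult.userNotFound;
    case 'wrong-password':
      return AuthResult.wrongPassword;
    case 'invalid-email':
      return AuthResult.invalidEmail;
    case 'user-disabled':
      return AuthResult.userDisabled;
    default:
      return AuthResult.failure;
  }
}

/// One message for every bad-email-or-password outcome, so the UI reads the
/// same whether or not the backend distinguishes the cases.
String messageFor(AuthResult result) {
  switch (result) {
    case AuthResult.success:
      return 'Signed in.';
    case AuthResult.invalidCredentials:
    case AuthResult.userNotFound:
    case AuthResult.wrongPassword:
      return 'Incorrect email or password.';
    case AuthResult.invalidEmail:
      return 'Enter a valid email address.';
    case AuthResult.userDisabled:
      return 'This account has been disabled.';
    default:
      return 'Sign-in failed. Try again later.';
  }
}

void main() {
  // Constructed sample codes, not captured from a real project.
  for (final c in ['INVALID_LOGIN_CREDENTIALS', 'wrong-password', 'bogus']) {
    print('$c -> ${messageFor(mapSignInError(c))}');
  }
}
```

In the question's `signIn` method, the `switch (e.code)` block would become `return mapSignInError(e.code);`.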