-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IllegalArgumentException thrown by startActivityForLinkWithProvider when SMS multi-factor authentication enabled #6412
Comments
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight. |
Hi @SteveByrneOutput, thank you for reaching put and reporting the issue. May I ask a few questions for us to narrow down the issue.
Also, could you try using the latest version on our Firebase (BOM 33.5.1) products to see if that resolves the issue? Thanks! |
Hi @lehcar09 The issue is reproducible across multiple APIs including Upgrading to BOM 33.5.1 unfortunately doesn’t resolve the issue |
Hi @SteveByrneOutput, thank you for checking the issue in the latest version. By any chance, have you tried using another provider? If so, does the issue also occurs? I'll raise this issue to our engineers and get back to you. |
@lehcar09 Unfortunately we haven't tried any other providers. Thank you for raising the issue. Let me know if there is any other information I can provide |
Hi @SteveByrneOutput, thanks for filing the issue. I wasn't able to reproduce it. I was able to link a user with SMS MFA to a Microsoft provider without issues. Here are the steps I followed: -Sign in with Google provider [Java]
Please let me know if I miss anything. What is the provider of your current user (Google, email password)? |
Hi @NhienLam thanks for looking into the issue. My steps to repoduce are as follows:
The exception is only thrown when the user is enrolled with SMS MFA.
The only difference I can see between your code and mine is the added Can you please provide some information on what might be causing the crash to happen. |
Hi @NhienLam |
Hi @SteveByrneOutput. I think I was able to reproduce the issue. My stacktrace is slightly different from yours, but it seems to have the same root cause. When linking a user with MFA enabled to an OAuth provider, the server response does not contain an idToken, even though linking does not require second-factor authentication. However, the SDK still checks for the presence of an idToken, so Currently, there's no workaround for this. We will investigate a fix, but I cannot provide a timeline at this time. However, since the linking still succeeds, I hope this does not pose a significant blocker for you. Please correct me if I'm wrong. Does the exception thrown in the background cause any crashes or other issues? |
Thank you for investigating the issue. Unfortunately this does pose as a blocker for us. We wont be able to deliver this feature until a fix is provided |
Environment
Issue
startActivityForLinkWithProvider
throws anIllegalArgumentException
if the firebaseUser has SMS multi-factor authentication enabled and configured.If the firebaseUser does not have SMS multi-factor authentication enabled and configured the call will run as expected and trigger either
addOnSuccessListener
oraddOnFailureListener
depending on the outcome.When SMS multi-factor authentication is enabled the callbacks are not triggered.
The user can log in on chrome as expected with their Microsoft credentials and when the app is brought to the foreground again the exception is thrown.
There are no other calls to Firebase auth at this time.
Prior to calling
startActivityForLinkWithProvider(...)
the user is successfully reauthenticated.FirebaseAuth.getInstance().currentUser!!.reauthenticate(...)
throwsFirebaseAuthMultiFactorException
as expectedmultiFactorResolver.resolveSignIn(...)
returns a success as expected.Wrapping the block in a try/catch does not catch the exception.
Steps to reproduce:
Relevant Code:
Stacktrace:
Dependencies
The text was updated successfully, but these errors were encountered: