firebase-admin-node: auth/internal-error calling `generateEmailVerificationLink` or `generatePasswordResetLink`

Describe your environment

  • Operating System version: Firebase Functions Environment
  • Firebase SDK version: 7.0.0
  • Library version: 7.0.0
  • Firebase Product: auth

Describe the problem

I’m facing internal-error when calling the auth functions to generate Email verification link or password verification link. It throws the error randomly, some time it is successful, but its not consistent. There is no rate limit mentioned for the functions generateEmailVerificationLink and generatePasswordResetLink. Other operations of auth like getUser and setCustomClaims works fine in the same execution where the above mention two functions are failing. The complete error response is: {"error":{"code":400,"message":"TOO_MANY_ATTEMPTS_TRY_LATER","errors":[{"message":"TOO_MANY_ATTEMPTS_TRY_LATER","domain":"global","reason":"invalid"}]}}

Steps to reproduce:

The below code captures the flow of auth operation executions in my application.

Relevant Code:

let promises = [];
let auth = admin.auth();
let hrstart = process.hrtime();


async function testAuth(i) {
    let email = `email+test${i}@gmail.com`;
    let user;
    try {
        user = await auth.createUser({email, password: 'password1234567890'});
    } catch (e) {
        console.log('error creating user', email, e);
        // return Promise.reject(e);
    }

    try {
        await auth.setCustomUserClaims(user.uid, {abc: `testwqa`});
    } catch (e) {
        console.log('error writing user claims', email, e);
        // return Promise.reject(e);
    }

    try {
        user = await auth.getUser(user.uid);
    } catch (e) {
        console.log('error reading user ', email, user.uid, e);
        // return Promise.reject(e);
    }

    let link, plink;
    try {
        link = await auth.generateEmailVerificationLink(user.email, {url: `https://${projectId}.firebaseapp.com/redeem-reward`});
    } catch (e) {
        console.log('error generating email link for ', user.uid, e);
        // return Promise.reject(e);
    }

    try {
        plink = await auth.generatePasswordResetLink(user.email, {url: `https://${projectId}.firebaseapp.com/redeem-reward`});
    } catch (e) {
        console.log('error generating password link for ', user.uid, e);
        // return Promise.reject(e);
    }


    return {user, link, plink};
}

for (let i = 0; i < 3; i++) {
    promises.push(testAuth(i));
}

Promise.all(promises)
    .then(value => {
        let hrend = process.hrtime(hrstart);
        console.log(hrend);
        console.log(value)
    });

Error log: image

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Reactions: 9
  • Comments: 27 (8 by maintainers)

Most upvoted comments

One thing to ensure if you’re running into this is that you’re not using the same email address across multiple attempts. I found through experimentation that it will only allow a link to be generated once per minute per email address… Which seems a perfectly reasonable thing to do to avoid spamming someone, but should still be mentioned in the limits documentation. I do not see this issue if I switch addresses between attempts.

+10
timshirley on May 10, 2021

After spending 10+ hours trying to resolve this issue of getting rate limited on the 2nd query, I’ve had to completely remove Firebase Email Verification from my codebase. This just shows how limited platforms like Firebase are for production grade environments.

+7
MihirSomani on Feb 1, 2021

I experience the same error, but even on the first invocation.

Code: TL;DR operating on firestore and on RTDB, then generating a link on user creation

import * as functions from 'firebase-functions';
import * as admin from 'firebase-admin';
import * as sgMail from '@sendgrid/mail';

const useSg = Boolean(process.env.SENDGRID_API_KEY);

if (useSg) {
  sgMail.setApiKey(process.env.SENDGRID_API_KEY as string);
}

// noinspection JSUnusedGlobalSymbols
export const onUserCreate = functions.auth.user().onCreate(async (user) => {

  const userDoc = admin.firestore().collection('users').doc(user.uid);
  await userDoc.set({
    // ...
  });
  await userDoc.collection('...').doc("...").set({}); // just creating an empty document in Firestore

  const userRef = admin.database().ref('users').child(user.uid);
  await userRef.set({
    // ...
  });

  if (user.emailVerified) throw new Error("User email is already verified"); // impossible

  if (!user.email) throw new Error("User has no email address");

  if (useSg) {
    const link = await admin.auth().generateEmailVerificationLink(user.email); // causes error 400 for some reason

    await sgMail.send({
      to: {name: user.displayName, email: user.email},
      from: {name: "Planemo Team", email: "noreply@example.com"},
      subject: "Activate your registration",
      templateId: "...",
      dynamicTemplateData: {
        subject: "Activate your registration",
        name: user.displayName,
        link,
      },
    });
  } else {
    // ...
  }

});

Error shown in function logs:

Error: An internal error has occurred. Raw server response: "{"error":{"code":400,"message":"TOO_MANY_ATTEMPTS_TRY_LATER","errors":[{"message":"TOO_MANY_ATTEMPTS_TRY_LATER","domain":"global","reason":"invalid"}]}}"
    at FirebaseAuthError.FirebaseError [as constructor] (/srv/node_modules/firebase-admin/lib/utils/error.js:42:28)
    at FirebaseAuthError.PrefixedFirebaseError [as constructor] (/srv/node_modules/firebase-admin/lib/utils/error.js:88:28)
    at new FirebaseAuthError (/srv/node_modules/firebase-admin/lib/utils/error.js:147:16)
    at Function.FirebaseAuthError.fromServerError (/srv/node_modules/firebase-admin/lib/utils/error.js:186:16)
    at /srv/node_modules/firebase-admin/lib/auth/auth-api-request.js:1360:49
    at <anonymous>
    at process._tickDomainCallback (internal/process/next_tick.js:229:7)

Tried with multiple projects, same result.

+5
lezsakdomi on Apr 3, 2020

I wasn’t able to verify the QPS limit per IP address. But I can lookup the email link generation limit per day for each operation and document it.

+1
bojeil-google on Mar 22, 2019

Ok, so you will end up getting throttled at some point as email link generation is not meant to be run in batches as you appear to be doing. You will need to apply some throttling on your end. If you can figure out the number of requests you are able to send before getting throttled, that could help determine whether throttling is excessive or not for this operation.

You are better off opening a support ticket for this. The support team will help connect you directly to the backend engineers in charge of this. The GitHub repo is not the right place for these issues. I can only help diagnose the issue and play middleman but can’t look into the usage logs for your project or make changes to fix this.

+1
bojeil-google on Feb 19, 2019
Read more comments on GitHub
← firebase-admin-node: Auth error:FetchError: request to https://www.googleapis.com/oauth2/v4/token failed, reason: socket hang up
firebase-admin-node: [bug] Fails to login firebase-admin after updating to 5.13.0 →