firebase-ios-sdk: SendVerificationCode method is returning Error Code: 16 in production for some users
Description
I’m using Firebase Auth in production. I have Firebase AppCheck enabled and enforced for Authentication.
A small percentage of my users on iOS are seeing the sdk error out with An internal error has occurred, print and inspect the error details for more information. when trying to request a verification code.
I went through our logs in Google Cloud and noticed that the google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode method is failing with error code 16 and message Error code: 16 for them. The logs don’t provide any other indication of what error code 16 might be and my search of this error online plus in the firebase emulation tools has not resulted in any answers. Please see the full log with number, ip address, and project details redacted below:
{
"insertId": "kjdxlhdp2nu",
"jsonPayload": {
"status": {
"code": 16,
"message": "Error code: 16"
},
"request": {
"phoneNumber": "xxxxxxxxxxxxx",
"@type": "type.googleapis.com/google.cloud.identitytoolkit.v1.SendVerificationCodeRequest"
},
"requestMetadata": {
"callerIp": "xxxxxxxxxxxx",
"callerSuppliedUserAgent": "FirebaseAuth.iOS/10.17.0 xxxxxxxxxxxx/7.27 iPhone/16.5.1 hw/iPhone12_3,gzip(gfe),gzip(gfe)"
},
"methodName": "google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode",
"@type": "type.googleapis.com/google.cloud.identitytoolkit.logging.RequestLog",
"serviceName": "identitytoolkit.googleapis.com"
},
"resource": {
"type": "identitytoolkit_project",
"labels": {
"project_id": "xxxxxxxxxxx"
}
},
"timestamp": "2023-11-15T23:25:18.518Z",
"severity": "ERROR",
"logName": "projects/xxxxxxxxxxxx/logs/identitytoolkit.googleapis.com%2Frequests",
"receiveTimestamp": "2023-11-15T23:25:18.876791432Z"
}
As you can see, I am using the latest Firebase iOS SDK (10.17.0) and the user has the latest version of my app.
I doubt this is a clear cut misconfiguration on our side since the majority of users are able to sign in with no issue. I would like if Firebase team can decipher what error code 16 might mean and why the SDK is not providing a more useful error message.
Reproducing the issue
No response
Firebase SDK Version
10.17.0
Xcode Version
15.0
Installation Method
CocoaPods
Firebase Product(s)
App Check, Authentication
Targeted Platforms
iOS
Relevant Log Output
{
"insertId": "kjdxlhdp2nu",
"jsonPayload": {
"status": {
"code": 16,
"message": "Error code: 16"
},
"request": {
"phoneNumber": "xxxxxxxxxxxxx",
"@type": "type.googleapis.com/google.cloud.identitytoolkit.v1.SendVerificationCodeRequest"
},
"requestMetadata": {
"callerIp": "xxxxxxxxxxxx",
"callerSuppliedUserAgent": "FirebaseAuth.iOS/10.17.0 xxxxxxxxxxxx/7.27 iPhone/16.5.1 hw/iPhone12_3,gzip(gfe),gzip(gfe)"
},
"methodName": "google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode",
"@type": "type.googleapis.com/google.cloud.identitytoolkit.logging.RequestLog",
"serviceName": "identitytoolkit.googleapis.com"
},
"resource": {
"type": "identitytoolkit_project",
"labels": {
"project_id": "xxxxxxxxxxx"
}
},
"timestamp": "2023-11-15T23:25:18.518Z",
"severity": "ERROR",
"logName": "projects/xxxxxxxxxxxx/logs/identitytoolkit.googleapis.com%2Frequests",
"receiveTimestamp": "2023-11-15T23:25:18.876791432Z"
}
If using Swift Package Manager, the project’s Package.resolved
Expand Package.resolved snippet
Replace this line with the contents of your Package.resolved.
If using CocoaPods, the project’s Podfile.lock
Expand Podfile.lock snippet
# Uncomment this line to define a global platform for your project
# platform :ios, '9.0'
# Uncomment this line if you're using Swift
use_frameworks!
platform :ios, '13.0'
target 'XXXXXXXXX' do
project 'XXXXXXXXX', 'Debug' => :debug, 'Debug.Staging' => :debug, 'Release' => :release, 'Release.Staging' => :release
pod 'FirebaseMessaging'
pod 'FirebaseAuth'
pod 'FirebaseAnalytics'
pod 'FirebaseAppCheck'
pod 'FirebaseCrashlytics'
pod 'FirebaseRemoteConfig'
end
About this issue
- Original URL
- State: open
- Created 8 months ago
- Comments: 31 (15 by maintainers)
Unfortunately our engineers are unable to replicate this, but will keep an eye out for if we are we will capture logs.
We do not. We use SignInWithPassword and have MFA available with SMS verification codes but not signInWithPhone. I just posted that showing it doesn’t seem to be specific to the
SendVerificationCodebut AppCheck as a whole.@jostster I don’t think so. I was facing this issue, at a much larger scale, even before 10.17.0. The PR you referenced actually fixed it for most of my users but not all.
And of course Apple and Google will both say “Works on my machine” so it sounds like we are left to either migrate off firebase or find the cause ourselves in the dark. Did you submit an Apple Feedback yet?
@jostster I still have App Check disabled since we could not accept losing users on sign up due to this error.
I have continued to investigate this but have found no solution. It is clear though that App Check is the culprit, so it is either a bug from Apple in generating AppAttest tokens or from Google’s backend verifying the token. The support case 10259958 is still pending.
I would appreciate it if you could update this issue if you happen to come across more info as far as user segment or commonalities.
I have opened support case 10259958.