🐛 [firebase_auth] Platforms other than web throw an incorrect exception using LoginWithEmailAndPassword and email enumeration protection #10588

Closed
ofsp6070 opened this issue Mar 12, 2023 · 3 comments
Assignees
Labels
platform: android Issues / PRs which are specifically for Android. platform: ios Issues / PRs which are specifically for iOS. plugin: auth type: bug Something isn't working

ofsp6070 commented Mar 12, 2023

Bug report

Describe the bug
When using LoginWithEmailAndPassword with incorrect login credentials while having email enumeration protection enabled on the Firebase project (https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection), platforms other than Web throw an incorrect exception.

Web throws FirebaseAuthException with error code "invalid-login-credentials" as it should.

iOS throws simply FirebaseAuthException with error code "internal error" and a generic error message "An internal error has occurred, print and inspect the error details for more information." with no way to recover the "invalid_login_credentials" error.

Android throws FirebaseAuthException with "internal error" as the code, but with an error message that includes "invalid_login_credentials"

Steps to reproduce

Steps to reproduce the behavior:

  1. Enable Email Enumeration Protection in the Firebase project with the instructions from https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection as suggested in https://firebase.google.com/support/guides/security-checklist
  2. Try to log in with Firebase Auth with incorrect credentials using LoginWithEmailAndPassword in a Flutter app
  3. See error or incorrect behavior on every platform other than web

Expected behavior

Every platform should throw FirebaseAuthException with error code "invalid-login-credentials"


Flutter doctor

Run flutter doctor and paste the output below:

[✓] Flutter (Channel stable, 3.7.7, on macOS 13.2.1 22D68 darwin-arm64, locale en-MX)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.1)
[✓] Xcode - develop for iOS and macOS (Xcode 14.2)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2022.1)
[✓] VS Code (version 1.76.1)
[✓] Connected device (3 available)
[✓] HTTP Host Availability

Flutter dependencies

Run flutter pub deps -- --style=compact and paste the output below:

Dart SDK 2.19.4
Flutter SDK 3.7.7
engage 1.0.0+1

dependencies:
- cloud_firestore 4.4.4 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- cloud_functions 4.0.12 [cloud_functions_platform_interface cloud_functions_web firebase_core firebase_core_platform_interface flutter]
- cupertino_icons 1.0.5
- email_validator 2.1.17
- firebase_analytics 10.1.5 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_auth 4.2.10 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 2.7.1 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_crashlytics 3.0.16 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
- firebase_remote_config 3.0.14 [firebase_core firebase_core_platform_interface firebase_remote_config_platform_interface firebase_remote_config_web flutter]
- firebase_storage 11.0.15 [firebase_core firebase_core_platform_interface firebase_storage_platform_interface firebase_storage_web flutter]
- flutter 0.0.0 [characters collection js material_color_utilities meta vector_math sky_engine]
- flutter_localizations 0.0.0 [flutter intl characters clock collection js material_color_utilities meta path vector_math]
- flutter_riverpod 2.3.1 [collection flutter meta riverpod state_notifier]
- go_router 6.2.0 [collection flutter flutter_web_plugins logging meta]
- intl 0.17.0 [clock path]
- riverpod_annotation 2.0.1 [meta riverpod]

dev dependencies:
- build_runner 2.3.3 [args async analyzer build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml]
- flutter_lints 2.0.1 [lints]
- flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters collection js matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph]
- riverpod_generator 2.1.3 [analyzer build build_config collection crypto meta path riverpod_analyzer_utils riverpod_annotation source_gen]


@ofsp6070 ofsp6070 added Needs Attention This issue needs maintainer attention. type: bug Something isn't working labels Mar 12, 2023
@ofsp6070 ofsp6070 changed the title 🐛 [firebase_auth] Platforms other than web throw an incorrect exception using LoginWithEmailAndPassword 🐛 [firebase_auth] Platforms other than web throw an incorrect exception using LoginWithEmailAndPassword and email enumeration protection Mar 12, 2023
@Lyokone Lyokone self-assigned this Mar 13, 2023
@darshankawar darshankawar added triage Issue is currently being triaged. plugin: auth platform: android Issues / PRs which are specifically for Android. platform: ios Issues / PRs which are specifically for iOS. and removed Needs Attention This issue needs maintainer attention. triage Issue is currently being triaged. labels Mar 13, 2023
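
An added example, not part of the issue or of the firebase_auth plugin: one way an app could fold the three platform behaviours reported above into a single sign-in outcome, so the UI shows the same generic message on every platform and never reveals whether an e-mail address is registered. `AuthError`, `SignInOutcome` and `classifySignInError` are hypothetical names; `AuthError` stands in for the `code` and `message` fields of `FirebaseAuthException` so the snippet runs without Firebase, and the sample messages are constructed.

```dart
// Stand-in for FirebaseAuthException's `code` and `message` fields
// (hypothetical class, so the example runs without Firebase).
class AuthError {
  final String code;
  final String? message;
  const AuthError(this.code, [this.message]);
}

enum SignInOutcome { badCredentials, unclassified }

/// Maps the per-platform errors described in the report to one outcome.
SignInOutcome classifySignInError(AuthError e) {
  // Web (as reported), plus the codes returned when enumeration
  // protection is off: all collapse to one outcome so the UI never
  // distinguishes "unknown user" from "wrong password".
  const credentialCodes = {
    'invalid-login-credentials',
    'user-not-found',
    'wrong-password',
  };
  if (credentialCodes.contains(e.code)) return SignInOutcome.badCredentials;

  // Android (as reported): generic code, but the backend error name
  // survives inside the message text.
  final msg = (e.message ?? '').toLowerCase().replaceAll('-', '_');
  if (msg.contains('invalid_login_credentials')) {
    return SignInOutcome.badCredentials;
  }

  // iOS (as reported): nothing recoverable. Do not guess; a genuine
  // internal error must not be presented as a credentials failure.
  return SignInOutcome.unclassified;
}

void main() {
  // Constructed samples modelled on the three behaviours in the report.
  final samples = {
    'web': const AuthError('invalid-login-credentials'),
    'android': const AuthError('internal-error',
        'An internal error has occurred. [ INVALID_LOGIN_CREDENTIALS ]'),
    'ios': const AuthError('internal-error',
        'An internal error has occurred, print and inspect the error '
        'details for more information.'),
  };
  samples.forEach((platform, err) {
    print('$platform -> ${classifySignInError(err).name}');
  });
}
```
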
@ofsp6070
Author

I've just tried the new update and both iOS and Android now catch the error correctly. I appreciate the quick response to the issue :) As a side note, unsure if it is intentional but it looks like an ns log on the iOS code was left behind, so now those errors are showing up on the debug console, not a big deal but just wanted to let you know.

kodejack commented Aug 7, 2023

I get the same error when trying to register a user whose password does not meet the validation requirements.

These are the custom rules we have set:
Password must contain a lower case character, Password must contain an upper case character, Password must contain a non-alphanumeric character

  • Web errors with the expected error and description.
    PASSWORD_DOES_NOT_MEET_REQUIREMENTS : Missing password requirements: [Password must contain a lower case character, Password must contain an upper case character, Password must contain a non-alphanumeric character]
  • Android fails with the correct error but not the correct password validation message; if you have customised your password rules, it appears to still show the default.
    [firebase_auth/unknown] [Password must contain at least 8 characters, Password must contain a non-alphanumeric character] ]
  • iOS fails with a nondescript error.
    [firebase_auth/internal-error] An internal error has occurred, print and inspect the error details for more information.

@russellwheatley
Member

Thanks for the confirmation, @ofsp6070. Will close out. @kodejack - could you open another issue for your specific issue, please? Thanks.

@firebase firebase locked and limited conversation to collaborators Nov 12, 2023