FirebaseAuth error: The reCAPTCHA SDK is not linked to your app

[cantoni]

I've managed to fix this issue (or at least avoid it) by disabling the reCAPTCHA SMS defence on Identify Platform. You'll need to open the link on that page somewhere where you're logged into the GCP Console and run it in the API Explorer tab that opens on the right. Make sure to swap the Request parameters -> Name to project/{id}/config. It'll say 'You have invalid or missing required parameter values above. If you execute anyway, the response will likely be an error.', but it worked for me.

The SDK then defaults to using the SKSafariViewController hosted captcha and provided you handle the callback via .onOpenURL or via AppDelegate then everything works as expected.

It seems that using reCAPTCHA SMS defence requires adding the reCAPTCHA SDK to your project, and configuring it, however for the Firebase iOS SDK I don't see where the configured reCAPTCHA client should be injected.

@ee99ee

Originally posted by @oliver-bevan in #17557

This issue is still live; @oliver-bevan has an appropriate workaround but please be advised that this is pretty hard to track down! See the closed issue for a description of what happens: if you enable the reCAPTCHA setting in Firebase (which enables Cloud Enterprise reCAPTCHA but is not clearly labeled as different from the built-in reCAPTCA support in Firebase settings), then disable it, your Firebase auth will continue to fail unless you disable this related setting that gets flips without confirmation or documentation.

There are multiple closed issues for this same issue; it's still reproducible today (April 2026).

Duplicates:

• [firebase_auth]:Error code: [firebase_auth/recaptcha-sdk-not-linked] The reCAPTCHA SDK is not linked to your app. See https://cloud.google.com/recaptcha-enterprise/docs/instrument-ios-apps #17557
• iOS Phone Auth fails with ERROR_RECAPTCHA_SDK_NOT_LINKED after toggling reCAPTCHA Enterprise firebase-ios-sdk#15345

(Seems like this is probably a FirebaseAuth issue rather than platform SDK specific)

[SelaseKay]

Hi @cantoni, thanks for the report. This error seems to originate from the Firebase iOS SDK. Could you provide clear steps on how you reproduced this?

[cantoni]

Hi Jude. AFAICT this is not an iOS SDK problem.

Steps to reproduce:

1. On any Firebase project, via the web interface, go to Authentication > Settings > reCAPTCHA.
2. Click on "Manage reCAPTCHA"
3. Enable reCAPTCHA Enterprise API in the Google Cloud page that opens.
4. Disable reCAPTCHA Enterprise API in Google Cloud on the same page.

Expected result: regular Firebase phone Auth and regular non-Google-Cloud reCAPTCHA should function

Actual result: Firebase phone auth and/or reCAPTCHA won't function because reCAPTCHA Enterprise API has been silently enabled as side-effect of enabling the Google Cloud reCAPTCHA Enterprise API. User must disable reCAPTCHA Enterprise API as described in the post I quoted by visiting this link:

https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects/updateConfig?apix_params={"name":"projects/PROJECT_ID/config","updateMask":"recaptchaConfig","resource":{"recaptchaConfig":{"phoneEnforcementState":"OFF","useSmsTollFraudProtection":"false"}}}

Until that is disabled, Firebase phone auth will not function as expected.

My proposed solution for this would be to update Firebase Auth reCAPTCHA settings to first of all note that standard reCAPTCHA works without enabling the enterprise API at all. It's currently hard to figure out that most users don't need to enable this setting. But regardless the user should be given instructions on how to disable this setting once enabled.

[SelaseKay]

Hi @cantoni, thanks for the detailed feedback This seems to be more of a documentation gap rather than a flutterfire bug. I’ll update the docs to reflect your proposed solution so it’s clearer for others.