[firebase_auth]: Bad handling of Token Service errors

[ClementCardonnel]

Is there an existing issue for this?

• I have searched the existing issues.

Which plugins are affected?

Auth

Which platforms are affected?

iOS

Description

So, I've been having an annoying issue that was hard for me to diagnose.

Basically, if you've got a Flutter app using Firebase Auth, you may encounter cryptic problems if you don't have Token Service API authorized in your Google Cloud keys.

Issues including:

• Await calls on transactions (like setting a value on FireStore) never returning on iOS.
• Get streams returning empty lists without throwing an error
• User still being registered, and thus my app showing it as authenticated even though the refresh token was invalid.

I've already had a similar problem with the API restrictions feature of Google Cloud, it's happened to me twice, and it's really painful to debug.

Now I understand that authentication is not supposed to work if the API is restricted at the key level.
But there are multiple issues here that should still be addressed:

1. The only log that is sent talks of an internet connectivity issue while the Token Service API returns a 403, so clearly not an internet connectivity issue. This log could be improved to better represent the actual error.
2. The log downplays the seriousness of the issue. Not having token renew after an hour is a major problem. The log should be especially clear and be considered an error instead of a warning. Crashing the app in debug mode could even be considered.
3. Network calls to other Firebase APIs subsequently fail in ways that are not acceptable. An await call never returning should not happen, this should be fixed no matter what.
4. Network calls to other Firebase APIs never communicate the issue clearly. Since the app switches to offline mode, some things work, some don't, and I haven't encountered the 403 error from Token Service at any point apart from the cryptic log warning.

The main problem here is that communication from the Firebase SDK to the developer is lacking on this specific issue. There are three axis of improvements:

• Communication through better logging and error handling,
• Stability by fixing the non-completing await on iOS,
• Prevention by better explaining Google Cloud API restrictions. I did not find a documentation page explaining which APIs are restricted for each Firebase service to work properly. Which is a shame… Maybe there are other services I should whitelist for my keys but I'm not yet aware of them.

Thank you for your work maintaining this project.

Reproducing the issue

Have a project with Firebase Authentication enabled, but using an API key without the Token Service API permission in Google Cloud.

• Build and run the app
• If logging is working, you may be able to see the log I mentioned in the Relevant Log Output section
• Authenticate the user
• Perform a GET or a SET request to cloud firestore, notice that it works
• Leave the app, come back to it one hour later
• Notice that you cannot get anything
• Notice that on iOS, streams silently fail (return nothing without providing a reason)
• Notice that on iOS, await calls for transactions never return

Firebase Core version

3.5.0

Flutter Version

3.24.3

Relevant Log Output

- [Firebase/Firestore][I-FST000001] Could not reach Cloud Firestore backend. Connection failed 1 times. Most recent error: An internal error has occurred, print and inspect the error details for more information.
 This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend.

Flutter dependencies

Expand Flutter dependencies snippet

Dart SDK 3.5.3
Flutter SDK 3.24.3
leafty 0.5.0+4

dependencies:
- animated_size_and_fade 4.0.0 [flutter]
- async 2.11.0 [collection meta]
- cloud_firestore 5.4.2 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- collection 1.18.0
- cupertino_icons 1.0.8
- dotted_border 2.1.0 [flutter path_drawing]
- dual_screen 1.0.4 [flutter]
- easy_debounce 2.0.3
- envied 0.5.4+1
- figma_squircle 0.5.3 [vector_math flutter]
- firebase_analytics 11.3.2 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_auth 5.3.0 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 3.5.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_crashlytics 4.1.2 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math]
- flutter_secure_storage 9.2.2 [flutter flutter_secure_storage_linux flutter_secure_storage_macos flutter_secure_storage_platform_interface flutter_secure_storage_web flutter_secure_storage_windows meta]
- flutter_svg 2.0.10+1 [flutter http vector_graphics vector_graphics_codec vector_graphics_compiler]
- fluttertoast 8.2.8 [flutter flutter_web_plugins web]
- geolocator 13.0.1 [flutter geolocator_platform_interface geolocator_android geolocator_apple geolocator_web geolocator_windows]
- go_router 14.2.7 [collection flutter flutter_web_plugins logging meta]
- google_fonts 6.2.1 [flutter http path_provider crypto]
- google_maps_flutter 2.9.0 [flutter google_maps_flutter_android google_maps_flutter_ios google_maps_flutter_platform_interface google_maps_flutter_web]
- google_sign_in 6.2.1 [flutter google_sign_in_android google_sign_in_ios google_sign_in_platform_interface google_sign_in_web]
- http 1.2.2 [async http_parser meta web]
- intl 0.19.0 [clock meta path]
- jwt_decoder 2.0.1
- material_design_icons_flutter 7.0.7296 [flutter]
- provider 6.1.2 [collection flutter nested]
- pull_down_button 0.10.1 [flutter meta]
- shared_preferences 2.3.2 [flutter shared_preferences_android shared_preferences_foundation shared_preferences_linux shared_preferences_platform_interface shared_preferences_web shared_preferences_windows]
- sprung 3.0.1 [flutter]
- url_launcher 6.3.0 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- uuid 4.5.0 [crypto sprintf meta fixnum]

dev dependencies:
- build_runner 2.4.12 [analyzer args async build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml]
- envied_generator 0.5.4+1 [envied build code_builder dart_style source_gen analyzer recase equatable]
- flutter_lints 4.0.0 [lints]
- flutter_test 0.0.0 [flutter test_api matcher path fake_async clock stack_trace vector_math leak_tracker_flutter_testing async boolean_selector characters collection leak_tracker leak_tracker_testing material_color_utilities meta source_span stream_channel string_scanner term_glyph vm_service]

transitive dependencies:
- _fe_analyzer_shared 72.0.0 [meta]
- _flutterfire_internals 1.3.43 [collection firebase_core firebase_core_platform_interface flutter meta]
- _macros 0.3.2
- analyzer 6.7.0 [_fe_analyzer_shared collection convert crypto glob macros meta package_config path pub_semver source_span watcher yaml]
- args 2.5.0
- boolean_selector 2.1.1 [source_span string_scanner]
- build 2.4.1 [analyzer async convert crypto glob logging meta package_config path]
- build_config 1.1.1 [checked_yaml json_annotation path pubspec_parse yaml]
- build_daemon 4.0.2 [built_collection built_value crypto http_multi_server logging path pool shelf shelf_web_socket stream_transform watcher web_socket_channel]
- build_resolvers 2.4.2 [analyzer async build collection convert crypto graphs logging package_config path pool pub_semver stream_transform yaml]
- build_runner_core 7.3.2 [async build build_config build_resolvers collection convert crypto glob graphs json_annotation logging meta package_config path pool timing watcher yaml]
- built_collection 5.1.1
- built_value 8.9.2 [built_collection collection fixnum meta]
- characters 1.3.0
- checked_yaml 2.0.3 [json_annotation source_span yaml]
- clock 1.1.1
- cloud_firestore_platform_interface 6.4.2 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- cloud_firestore_web 4.3.1 [_flutterfire_internals cloud_firestore_platform_interface collection firebase_core firebase_core_web flutter flutter_web_plugins]
- code_builder 4.10.0 [built_collection built_value collection matcher meta]
- convert 3.1.1 [typed_data]
- crypto 3.0.5 [typed_data]
- csslib 1.0.0 [source_span]
- dart_style 2.3.7 [analyzer args collection package_config path pub_semver source_span]
- equatable 2.0.5 [collection meta]
- fake_async 1.3.1 [clock collection]
- ffi 2.1.3
- file 7.0.0 [meta path]
- firebase_analytics_platform_interface 4.2.4 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_analytics_web 0.5.10+1 [_flutterfire_internals firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins]
- firebase_auth_platform_interface 7.4.6 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- firebase_auth_web 5.13.1 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser meta web]
- firebase_core_platform_interface 5.3.0 [collection flutter flutter_test meta plugin_platform_interface]
- firebase_core_web 2.18.1 [firebase_core_platform_interface flutter flutter_web_plugins meta web]
- firebase_crashlytics_platform_interface 3.6.43 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- fixnum 1.1.0
- flutter_plugin_android_lifecycle 2.0.22 [flutter]
- flutter_secure_storage_linux 1.2.1 [flutter flutter_secure_storage_platform_interface]
- flutter_secure_storage_macos 3.1.2 [flutter flutter_secure_storage_platform_interface]
- flutter_secure_storage_platform_interface 1.1.2 [flutter plugin_platform_interface]
- flutter_secure_storage_web 1.2.1 [flutter flutter_secure_storage_platform_interface flutter_web_plugins js]
- flutter_secure_storage_windows 3.1.2 [ffi flutter flutter_secure_storage_platform_interface path path_provider win32]
- flutter_web_plugins 0.0.0 [flutter characters collection material_color_utilities meta vector_math]
- frontend_server_client 4.0.0 [async path]
- geolocator_android 4.6.1 [flutter geolocator_platform_interface meta uuid]
- geolocator_apple 2.3.7 [flutter geolocator_platform_interface]
- geolocator_platform_interface 4.2.4 [flutter plugin_platform_interface vector_math meta]
- geolocator_web 4.1.1 [flutter flutter_web_plugins geolocator_platform_interface web]
- geolocator_windows 0.2.3 [flutter geolocator_platform_interface]
- glob 2.1.2 [async collection file path string_scanner]
- google_identity_services_web 0.3.1+4 [meta web]
- google_maps 8.0.0 [meta web]
- google_maps_flutter_android 2.14.6 [flutter flutter_plugin_android_lifecycle google_maps_flutter_platform_interface stream_transform]
- google_maps_flutter_ios 2.13.0 [flutter google_maps_flutter_platform_interface stream_transform]
- google_maps_flutter_platform_interface 2.9.2 [collection flutter plugin_platform_interface stream_transform]
- google_maps_flutter_web 0.5.10 [collection flutter flutter_web_plugins google_maps google_maps_flutter_platform_interface sanitize_html stream_transform web]
- google_sign_in_android 6.1.30 [flutter google_sign_in_platform_interface]
- google_sign_in_ios 5.7.7 [flutter google_sign_in_platform_interface]
- google_sign_in_platform_interface 2.4.5 [flutter plugin_platform_interface]
- google_sign_in_web 0.12.4+2 [flutter flutter_web_plugins google_identity_services_web google_sign_in_platform_interface http web]
- graphs 2.3.2 [collection]
- html 0.15.4 [csslib source_span]
- http_multi_server 3.2.1 [async]
- http_parser 4.0.2 [collection source_span string_scanner typed_data]
- io 1.0.4 [meta path string_scanner]
- js 0.6.7 [meta]
- json_annotation 4.9.0 [meta]
- leak_tracker 10.0.5 [clock collection meta path vm_service]
- leak_tracker_flutter_testing 3.0.5 [flutter leak_tracker leak_tracker_testing matcher meta]
- leak_tracker_testing 3.0.1 [leak_tracker matcher meta]
- lints 4.0.0
- logging 1.2.0
- macros 0.1.2-main.4 [_macros]
- matcher 0.12.16+1 [async meta stack_trace term_glyph test_api]
- material_color_utilities 0.11.1 [collection]
- meta 1.15.0
- mime 1.0.6
- nested 1.0.0 [flutter]
- package_config 2.1.0 [path]
- path 1.9.0
- path_drawing 1.0.1 [vector_math meta path_parsing flutter]
- path_parsing 1.0.1 [vector_math meta]
- path_provider 2.1.4 [flutter path_provider_android path_provider_foundation path_provider_linux path_provider_platform_interface path_provider_windows]
- path_provider_android 2.2.10 [flutter path_provider_platform_interface]
- path_provider_foundation 2.4.0 [flutter path_provider_platform_interface]
- path_provider_linux 2.2.1 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_platform_interface 2.1.2 [flutter platform plugin_platform_interface]
- path_provider_windows 2.3.0 [ffi flutter path path_provider_platform_interface]
- petitparser 6.0.2 [meta]
- platform 3.1.5
- plugin_platform_interface 2.1.8 [meta]
- pool 1.5.1 [async stack_trace]
- pub_semver 2.1.4 [collection meta]
- pubspec_parse 1.3.0 [checked_yaml collection json_annotation pub_semver yaml]
- recase 4.1.0
- sanitize_html 2.1.0 [html meta]
- shared_preferences_android 2.3.2 [flutter shared_preferences_platform_interface]
- shared_preferences_foundation 2.5.2 [flutter shared_preferences_platform_interface]
- shared_preferences_linux 2.4.1 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface]
- shared_preferences_platform_interface 2.4.1 [flutter plugin_platform_interface]
- shared_preferences_web 2.4.2 [flutter flutter_web_plugins shared_preferences_platform_interface web]
- shared_preferences_windows 2.4.1 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface]
- shelf 1.4.1 [async collection http_parser path stack_trace stream_channel]
- shelf_web_socket 2.0.0 [shelf stream_channel web_socket_channel]
- sky_engine 0.0.99
- source_gen 1.5.0 [analyzer async build dart_style glob path source_span yaml]
- source_span 1.10.0 [collection path term_glyph]
- sprintf 7.0.0
- stack_trace 1.11.1 [path]
- stream_channel 2.1.2 [async]
- stream_transform 2.1.0
- string_scanner 1.2.0 [source_span]
- term_glyph 1.2.1
- test_api 0.7.2 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph]
- timing 1.0.1 [json_annotation]
- typed_data 1.3.2 [collection]
- url_launcher_android 6.3.10 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.3.1 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.2.0 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.2.0 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.3.2 [flutter plugin_platform_interface]
- url_launcher_web 2.3.3 [flutter flutter_web_plugins url_launcher_platform_interface web]
- url_launcher_windows 3.1.2 [flutter url_launcher_platform_interface]
- vector_graphics 1.1.11+1 [flutter http vector_graphics_codec]
- vector_graphics_codec 1.1.11+1
- vector_graphics_compiler 1.1.11+1 [args meta path_parsing xml vector_graphics_codec path]
- vector_math 2.1.4
- vm_service 14.2.5
- watcher 1.1.0 [async path]
- web 1.0.0
- web_socket 0.1.6 [web]
- web_socket_channel 3.0.1 [async crypto stream_channel web web_socket]
- win32 5.5.4 [ffi]
- xdg_directories 1.0.4 [meta path]
- xml 6.5.0 [collection meta petitparser]
- yaml 3.1.2 [collection source_span string_scanner]

Additional context and comments

No response