112

I was testing my login/sign up feature and for some reason I can't understand Firebase now is blocking all requests from my device.

I've waited one day to try again, but I still have the same problem.

ERROR: "We have blocked all requests from this device due to unusual activity. Try again later."

What should I do to have access to my database again?

Ronan Boiteau
  • 9,608
  • 6
  • 34
  • 56
Eusthace
  • 3,601
  • 7
  • 34
  • 41

15 Answers15

146

If you use Phone Authentication, Here is what to do:

  1. Go to Firebase Console
  2. Authentication ==> Sign-in-method
  3. Go to "Phone" and pop-up will show
  4. Add your phone number at "Phone Numbers for testing" along with a verification code from your choice.

And it works now :)

Mohammed Hasan
  • 1,615
  • 2
  • 8
  • 13
  • Yup! Adding it for testing and then deleting seems to have "reset" this issue. Thanks! – Malfunction May 09 '19 at 10:02
  • 1
    with this my phone un blocked but I can't receive sms – Muhammad Oct 23 '19 at 12:08
  • 1
    Yes this works and now you have to use the 6 digit code as OTP because you are not going to recieve it not as it is a test phone now and no blockage – MR_AMDEV Apr 05 '20 at 17:59
  • 3
    If you get an error, firstly delete the user from the Authentication -> Users table, then add the phone number for testing. – Touré Holder Oct 28 '20 at 09:34
  • @Muhammad, since it is fictitious phone number, you won't receive an sms. Instead, you would directly have to type the verification code which you saved in console, alongside your phone number. – Divya Gupta Dec 03 '22 at 11:13
52

One of the possible solutions:

  1. Go to your Firebase console -> Auth -> Users table

  2. Locate the user you are testing.

  3. Delete this user.

  4. Retest.

Artyom Okun
  • 939
  • 1
  • 8
  • 14
43

I contacted firebase support and received this message:

The error "We have blocked all requests from this device due to unusual activity. Try again later." is usually thrown when a user is making SMS authentication requests to a certain number of times using the same phone number or IP address. These repeated requests are considered as a suspicious behavior which temporarily blocks the device or IP address.

Additionally, there's a limit of 5 SMS per phone number per 4 hours. With this, you may try doing the following to resolve the issue:

Reduce the frequency of attempts to avoid triggering the anti-abuse system Try using whitelisted phone numbers for testing your app Use multiple testing devices (as the limits are applied per IP or device) Wait for an hour for the quota to lift

I tried to increase the quota as per @lhk answer but there answer is the following:

You also mentioned that you have increased the quota to 1000 but it didn't work. Do note that this "Manage to sign up quota" field is intended for Email/Password and Anonymous sign-ups.

humazed
  • 74,687
  • 32
  • 99
  • 138
26

I've run into the same problem.

By default (for the free plan), firebase caps sign-ins to 100 per hour, per IP-address. This broke our automated testing. You can change the setting like this:

  • open console
  • open your project
  • go to "authentication"
  • go to "sign-in method"
  • scroll down to "manage sign-in quota"

That's it. Currently the maximum setting for this quota is 1000 per hour enter image description here.

lhk
  • 27,458
  • 30
  • 122
  • 201
12

This is one of many quirks that I am running into. While Firebase seems to be a nice framework/product/service, at the moment it doesn't seem to be totally ready for broad production deployment yet. In this case I only used one particular (fake) user for testing/debugging and only after just a few attempts (probably no more than 10 sign-ins), I ran into this issue. The funny thing is that my tests delete the fake test-user after each run so I couldn't see any user in my auth user table afterwards. The solution for me was to manually add that user via the "ADD USER" button and then delete it. I think they should have (at least as a workaround) a definable user that is for testing/debugging, who is not subject to this restriction, if they really feel they have to have such a (low) limit.

Kaamel
  • 1,852
  • 1
  • 19
  • 25
  • did you find any other solution? – Manspof Jun 20 '18 at 14:43
  • Sorry, this was related to a project I was working on at the time and since it solved my problem I never explored it any deeper. I have to admit that I have not seen it since then either. Any chance that you might be (inadvertently) creating too much traffic and exceeding a limit? Best of luck. – Kaamel Jun 25 '18 at 16:28
11

I have added my phone as a test number in the Sign-in method tab.

Actually this error occurs when your quota limit is exceeded.

Just add your number and testing OTP to get it worked.

enter image description here

Note: The testing number will not get any message of OTP as we already defined static OTP code.

Pratik Butani
  • 60,504
  • 58
  • 273
  • 437
  • I did this.But now how can I check that entered no and pwd are correct. I get the exception "com.google.firebase.auth.FirebaseAuthInvalidCredentialsException: The verification ID used to create the phone auth credential is invalid." when check – parita porwal Apr 27 '20 at 11:15
  • You can check [this answer](https://stackoverflow.com/a/64643033/1318946) or [this answer](https://stackoverflow.com/a/64619179/1318946) – Pratik Butani Nov 07 '20 at 04:58
  • Hi, i have quick question regarding firebase phone authentication my mobile number is with this format +201222222222 should i keep it like this or add spaces like this +20 122 222 2222 – kd12345 Oct 31 '22 at 08:23
  • You don't need to add the spaces. – Pratik Butani Nov 01 '22 at 11:52
5

See my answer at https://stackoverflow.com/a/39291794/18132

I went into firebase > Authentication > sign-in method > google and added my client id to the whitelist.

Community
  • 1
  • 1
Emad
  • 4,110
  • 5
  • 30
  • 35
  • 3
    What if I'm using email, rather than google sign-in method? There is only one setting "On/Off" inside. – mrded Sep 05 '16 at 18:08
5

I managed to get this working straight away by resetting the users password.

Steps are as follows:

  1. Go into your admin console, Authentication, Users
  2. Locate the user
  3. Click on the menu dots in the far right hand column
  4. Choose reset password, then click ok
  5. Follow the steps in the email when it comes through
robnordon
  • 490
  • 5
  • 7
  • 1
    Worked for me and much more convenient than deleting the entire user. – LordParsley Nov 03 '17 at 11:15
  • Worked also for me, thank you! After registering a user, Firebase kept giving me the error in op's title. With this method, after resetting the password, I got my email verified. – Claudiu Razlet Mar 15 '23 at 18:12
3

The error "We have blocked all requests from this device due to unusual activity. Try again later." is usually thrown when a user is making SMS authentication requests to a certain number of times using the same phone number or IP address. These repeated requests are considered as a suspicious behavior which temporarily blocks the device or IP address.

Additionally, there's a limit of 5 SMS per phone number per 4 hours. With this, you may try doing the following to resolve the issue:

Reduce the frequency of attempts to avoid triggering the anti-abuse system Try using whitelisted phone numbers for testing your app Use multiple testing devices (as the limits are applied per IP or device) Wait for an hour for the quota to lift

AshvinGudaliya
  • 3,234
  • 19
  • 37
Firenze
  • 365
  • 2
  • 11
2

Add that number of yours to Firebase as a tester. This way you can test it as many times as you can. Else multiple requests from one number to a project. Firebase deals it as a hacker and blocks it.

Add your number as Tester as: Go to -> Firebase Console -> Authentication -> Sign-in-method -> Edit Phone -> Phone numbers for testing (optional)

Add your phone number and verification code of your choice and that number will then work.

You will not get verification code from firebase, but you can give the verification code you set as a tester and can login through phone

Sajid Zeb
  • 1,806
  • 18
  • 32
1

One of the causes can be sending too may verification email to a user's email within a short duration of time. Try adding a duration timer and check if the verification message has been sent within the time duration.

emmanuel kofi
  • 131
  • 6
1

If you are doing tests a better way to go about it is to add the phone number as a test number Authentication > Sign in method > Phone. Then add the test number + the verification code you'll use

Nick Hargreaves
  • 436
  • 2
  • 7
0

I was facing the same issue and I solved this problem by Buying Blaze plan. This blocking seemed like a security measure on Firebase's side. If you are using Firebase for development purpose, buying the Blaze plan won't cost you any thing as it has the same quota of free services offered in Spark plan.

Rishabh Nigam
  • 223
  • 3
  • 10
0

Also, setting up Firebase Auth test phone numbers should help.

Per https://firebase.google.com/docs/auth/ios/phone-auth#test-with-fictional-phone-numbers:

Test with fictional phone numbers
You can set up fictional phone numbers for development via the Firebase console. Testing with fictional phone numbers provides these benefits:

  • Test phone number authentication without consuming your usage quota.
  • Test phone number authentication without sending an actual SMS message. Run consecutive tests with the same phone number without getting throttled. This minimizes the risk of rejection during App store review process if the reviewer happens to use the same phone number for testing.
  • Test readily in development environments without any additional effort, such as the ability to develop in an iOS simulator or an Android emulator without Google Play Services.
  • Write integration tests without being blocked by security checks normally applied on real phone numbers in a production environment.

Fictional phone numbers must meet these requirements:

  • Make sure you use phone numbers that are indeed fictional, and do not already exist. Firebase Authentication does not allow you to set existing phone numbers used by real users as test numbers.
    One option is to use 555 prefixed numbers as US test phone numbers, for example: +1 650-555-3434

  • Phone numbers have to be correctly formatted for length and other constraints. They will still go through the same validation as a real user's phone number.

  • You can add up to 10 phone numbers for development.

  • Use test phone numbers/codes that are hard to guess and change those frequently.

Create fictional phone numbers and verification codes

  • In the Firebase console, open the Authentication section.
  • In the Sign in method tab, enable the Phone provider if you haven't already.
  • Open the Phone numbers for testing accordion menu.
  • Provide the phone number you want to test, for example: +1 650-555-3434.
  • Provide the 6-digit verification code for that specific number, for example: 654321.
  • Add the number. If there's a need, you can delete the phone number and its code by hovering over the corresponding row and clicking the trash icon.
user
  • 3,388
  • 7
  • 33
  • 67
  • 1
    Test phone numbers don't use the verification service, so if you're trying to test your SHA-1/256 config updates worked, then it's not a valid test. They will work no matter what – SeanMC Sep 27 '21 at 20:38
0

To solve this problem I used a VPN app on the device. This helps avoid IP address restrictions.

But it is not clear how to help an angry app customer. Not all customers are ready to use vpn or wait for a phone number to be unlocked.

Deleting the user in the Firebase console or reinstalling the app didn't help.

Prilaga
  • 818
  • 10
  • 18