32

Flutter App Firebase Phone Authentication Error:

This request is missing a valid app identifier, meaning that neither safetyNet checks nor reCAPTCHA checks succeeded.

Please help me to solve this issue.

enter image description here

Himanshi Thakur
  • 2,077
  • 14
  • 32
Sadman Hossain Ridoy
  • 421
  • 1
  • 4
  • 5

6 Answers6

45

  1. Open android studio and click on gradle in right corner > click your project > select app > select tasks > select android > click on signing report > copy our SHA1 and SHA-256 from there.

  2. Add SHA1 and SHA-256 in your new firebase account .

  3. Add dependency in build.gradle(:app)

    implementation 'androidx.browser:browser:1.3.0'

  4. Go to google cloud console , select your project .

  5. Click on navigation menu and select APis & services and then select Dashboard .

  6. Click on enable api and services and enable api " Android Device Verification".

  7. Download and replace the latest google-services.json file in your project.

  8. Clean and rebuild project.

Check if you have completed all 7 steps in your proejct . If your app is live on plays store make sure your firebase project have release SHA1 key too . For more info about release and debug keys you can check. this

Himanshi Thakur
  • 2,077
  • 14
  • 32
  • 1
    actually works, thank you, can you please explain how logn SHA1 last, because I've been setting it up a few month ago and it happened after some time – Nikita Shadkov Dec 09 '21 at 09:09
  • do we need to add the SHA1 or SHA-256 in firebase? – Qadir Hussain Jul 13 '22 at 18:51
  • 1
    Enable "Android Device Verification" did it for me – user3162662 Oct 27 '22 at 08:18
  • If it didn't work for you. You can also refer this: https://stackoverflow.com/questions/64999106/how-to-disable-recaptcha-in-firebase-phone-auth-otp-android/65144360#65144360 Hope it helps. – Mohd Asim Feb 21 '23 at 17:34
  • for command line folks, find the keys through `gradle signingReport` – Stereo Mar 10 '23 at 15:32
  • `Android Device Verification` is replaced by `Google Play Integrity API`. So enable `Google Play Integrity API` and make sure to download and replace `google-services.json` file – Abu Saeed Jun 24 '23 at 06:35
13

This is happening because Firebase needs to verify if the phone number sign-in requests are coming from your app. For this, it uses either SafetyNet or reCAPTCHA verification. According to the documentation, in case the user doesn't have Google Play Services support(and in some other cases), a browser screen will open for captcha verification. Only after a successful verification, the OTP will be sent.

So, to enable SafetyNet and reCAPTCHA verification, follow these steps:

  • Go to Google Cloud Platform and ENABLE Android Device Verification.

  • Open your terminal and run

    keytool -list -v \

    -alias androiddebugkey -keystore ~/.android/debug.keystore

(For Windows, replace ~ with your user profile address)

  • When asked for password, enter 'android' (without quotes).

  • Copy the SHA1 and SHA256 certificate fingerprints printed on the Terminal.

  • Go to Settings in your Firebase Console and add both the fingerprints under the 'SHA certificate fingerprints' column. Ensure that there are no terminal spaces (else will give invalid string error).

  • Download the latest google-services.json from Firebase Console Settings and replace the older one in your project.

  • Add the following dependency in app-level build.gradle (because it needs to open browser for captcha verification)

    implementation 'androidx.browser:browser:1.3.0'

NOTE: Keep in mind that the project you're selecting after opening Google Cloud Platform is your concerned Firebase project. If your project doesn't show on the screen that opens, click on SELECT PROJECT, go to ALL tab and then select your project.

screenshot

Ishu Raj
  • 141
  • 1
  • 5
  • *SafetyNet is deprecated and is no longer accepting new projects; please use the Play Integrity API instead. Support for SafetyNet will be removed by the deprecation deadline.* – andreszs Aug 30 '23 at 21:57
5

If you used Play App Signing from Play Console you need to go under Release > Setup > App Integrity > App signing and copy the SHA-1/SHA-256 certificate fingerprint and paste it into Firebase Console > Your Apps > choose app > SHA certificate fingerprints > Add fingerprint

Salvatore Addimando
  • 61
  • 1
  • 5
4

It’s because of the SHA key.

Add a debug key + Add a release key into your firebase app.

user2294087
  • 81
  • 10
1

dependencies {
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
    implementation 'com.google.firebase:firebase-core:17.0.0'
    implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta05'
    implementation "org.jetbrains.kotlin:kotlin-reflect:1.6.10"
    implementation 'androidx.browser:browser:1.3.0' <*** add this line ***>
    implementation platform('com.google.firebase:firebase-bom:29.3.0')
    implementation 'com.google.firebase:firebase-auth'
    implementation 'com.google.android.gms:play-services-safetynet:18.0.1' <*** add this line ***>
}
  • keytool -list -v \ -alias androiddebugkey -keystore ~/.android/debug.keystore

SHA1 and SHA-256 on the firebase app on console and SafetyNet tab

zeev grim
  • 137
  • 1
  • 5
  • Is there anywhere in the documentation that it mentions this dependencies should be added? – Jorge Ferrari Feb 16 '23 at 13:58
  • @JorgeFerrari simply include [Firebase BOM 31.4.0](https://firebase.google.com/support/release-notes/android#2023-03-28) or newer which includes firebase-auth with Play Integrity support. – andreszs Aug 30 '23 at 21:59
0

You should add safety net implementation in your dependencies, android/app/build.gradle dependencies{ ... implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta04' }

Hrithik Mishra
  • 1
  • 2