React-native-firebase: Phone auth on android - error when confirming code 'auth/session-expired'

Does anyone have the same problem? Or decision?

@omgo Sorry for the lack of response, this one slipped through.

I've been doing lots of testing with signInWithPhoneNumber recently and haven't come across this issue so I'm not really sure what to suggest.

The only thing I can think is that there's too long a time happening between the initial request and confirming the code?

Just to confirm, are you handling the autoverified case in Android using the onAuthStateChanged listener?

@chrisbianca thank you for your answer.
Yes, I'm using onAuthStateChanged, and you know, actually phone auth sometimes is working, it really didn't work a few days ago (after getting code we were sending it in next 10 seconds - and 'session expired') but now it's working almost every time (sometimes still 'session expired'), it's like a magic)) I can't understand. Looks like issue can be closed

@omgo Sounds like it might be an internal Firebase issue then. I'm going to close, but please re-open if you keep running into problems.

@omgo I am having the same issue. In your case was consistent for a period of time and then it worked? Or just random? I'll try tomorrow but I wanted to be sure what is going on. Thanks!

Another weird thing. I just enabled the onAuthStateChanged and I do get a user every time I restart the app, like somehow I already got the user entity, however every time I want to verify the number, I get the SESSION_EXPIRED error.

@chrisbianca I just enabled the automatic verification and it works every single time. I do signout and as soon as the SMS gets into the phone, I receive the user and all the data.

However if I try to make it manually, I get the SESSION_EXPIRED. Could it be an issue with Android 7? I am using a Samsung S8. Maybe in the way the token is being sent when doing manually.

facing the same issue as @sfratini
React native 0.51.0
React native Firebase
Android 7.1.1

And i would like to add another point that the above mentioned issue happens only on a MI device

Is there any update on this issue? I am still receiving it.
Oneplus 5,
Android 8.0.0,
RN 0.53,
RN Firebase 3.2.7,
Firebase 11.6.0

If u have an onauthstatechanged() listener and also if you're trying to manually verify the phone number , you will get session expired everytime on Android ...

Reason :

• onauthstatechanged () will verify as soon as u get sms (automatically) ..so if you're trying to verify manually using the same sms it won't work.

Hope this helps.

@omgo I'm facing the same issue. did you find solution?

i am also facing same issue on android 7.0 only

I have the same problem on android MI A1 but my issue is like this:

if i use my own phone number on my MI A1 to get OTP, it will give the sms token has expired BUT if i use other people phone number on my MI A1 to get the OTP, it works

Any solution ?

Okay so what worked for me was to use verifyPhoneNumber instead of signInWithPhoneNumber. I don't have that problem anymore.

@WilliamAnputra How can I sign in with verifyPhoneNumber?

why firebase is still not solved firebase phone authentication verify code session expire? I am facing the same issue verify code expires within 10 seconds

@AmmarAshfaq this does not happen to me. I am literally testing this functionality on my app right now, works fine with all currently versions at least (RN0.59.5 / RNFirebase 5.3.1 / fully current firebase deps in gradle etc)

@mikehardy can you give me some hint because I am facing the same issue

The reason why this is happening (most likely) is it because Android already authenticated in the background and you are manually trying to sign in. Just implemente the onAuthStateChanged method and forget about the manual signIn, or just implement it for iOS and for Android just have another logic.

You will see that you get the user data even before the framework updates and recognizes the SMS.

sounds about right, I implemented it based on the example template in the docs on phoneVerify, and in my analytics at least, about 80% of android users are auto-verified by the framework so I imagine if you don't get this right you'll see the timeouts (false positives, really) all the time

I am still receiving it. Is there anyone to post some code?

Samsung Galaxy S7,
Android 8.0.0,
RN 0.57.5,
RN Firebase 5.3.0,
com.google.firebase:firebase-auth:17.0.0

Any solution yet?
Samsung S8 Android 9.0,
RN 0.59.9,
RN Firebase 5.5.4,

Any solution yet?
Samsung S8 Android 9.0,
RN 0.59.9,
RN Firebase 5.5.4,

Just see my answer above. Most likely the firebase already authenticated in the background right after getting the SMS and you are trying to confirm a code that was already confirmed.

https://github.com/invertase/react-native-firebase/issues/530#issuecomment-484480100

I've encountered this issue on newer Android devices only, and what they do is just after code is sent to your device, somehow, you're automatically signed in, which means: no need to open SMS, no need to enter code anywhere, which is imho really awful. I have additional screens between code confirmation and letting user into the app, which now I have to tweak, on Android only.
I was hoping to see that some kind of disabling this "feature" is possible, but nothing so far?

Apparently, some recent versions of Android are smart enough to receive the SMS verification code and use it to authenticate the user. This authentication happens in the background while the user still receives the verification code in an SMS. When the user tries to enter the verification code, he/she gets a message that the verification code expired, because Android has already used it (in the background) and has already logged in the user! To double-check that, check the Firebase Console. You should find that this new user has been added to the list of users.

To avoid receiving the verification code expiry message, we need to set up a listener for "authentication changes." As soon as Android logs in the user in the background, this listener should navigate the user away from the login screen, in which he/she was supposed to enter the verification code.

For an example implementation of this listener, please, check out my answer to the following stackoverflow question.
https://stackoverflow.com/questions/57054891/the-sms-code-has-expired-please-re-send-the-verification-code-to-try-again

@Bilal-Abdeen or the doc example https://rnfirebase.io/docs/v5.x.x/auth/phone-auth#Example (for RFNBv5) - it appears that it has not been ported to v6 but a PR for the official doc would be useful, the indicated method (using the listener to check for auto verify) is definitely the recommended style

Hello, I'm using phone auth, and it works on ios, but dont on android. After confirming code I get the error auth/session-expired - ofc I understand that is it mean, but I don't understand why, and how to fix it. Could you help me?

@tunm1228 android has the power to "auto verify" at the SDK level when it sees a code come through. Your code is already used in this case. Don't confirm explicitly unless you have to. Use the auth change listener instead