Here is a full list of the error codes and descriptions, including recommended resolution steps, that are thrown by the Firebase Admin Node.js Authentication API:
| Error Code | Description and Resolution Steps |
|---|---|
auth/claims-too-large |
The claims payload provided to setCustomUserClaims() exceeds
the maximum allowed size of 1000 bytes.
|
auth/email-already-exists |
The provided email is already in use by an existing user. Each user must have a unique email. |
auth/id-token-expired |
The provided Firebase ID token is expired. |
auth/id-token-revoked |
The Firebase ID token has been revoked. |
auth/insufficient-permission |
The credential used to initialize the Admin SDK has insufficient permission to access the requested Authentication resource. Refer to Set up a Firebase project for documentation on how to generate a credential with appropriate permissions and use it to authenticate the Admin SDKs. |
auth/internal-error |
The Authentication server encountered an unexpected error while trying to process the request. The error message should contain the response from the Authentication server containing additional information. If the error persists, please report the problem to our Bug Report support channel. |
auth/invalid-argument |
An invalid argument was provided to an Authentication method. The error message should contain additional information. |
auth/invalid-claims |
The custom claim attributes provided to setCustomUserClaims()
are invalid.
|
auth/invalid-continue-uri
|
The continue URL must be a valid URL string. |
auth/invalid-creation-time
|
The creation time must be a valid UTC date string. |
auth/invalid-credential |
The credential used to authenticate the Admin SDKs cannot be used to
perform the desired action. Certain Authentication methods such as
createCustomToken() and verifyIdToken() require
the SDK to be initialized with a certificate credential as opposed to a
refresh token or Application Default credential. See
Initialize the SDK for
documentation on how to authenticate the Admin SDKs with a certificate
credential.
|
auth/invalid-disabled-field |
The provided value for the disabled user property is
invalid. It must be a boolean.
|
auth/invalid-display-name |
The provided value for the displayName user property is
invalid. It must be a non-empty string.
|
auth/invalid-dynamic-link-domain |
The provided dynamic link domain is not configured or authorized for the current project. |
auth/invalid-email |
The provided value for the email user property is invalid.
It must be a string email address.
|
auth/invalid-email-verified |
The provided value for the emailVerified user property is
invalid. It must be a boolean.
|
auth/invalid-hash-algorithm |
The hash algorithm must match one of the strings in the list of supported algorithms. |
auth/invalid-hash-block-size
|
The hash block size must be a valid number. |
auth/invalid-hash-derived-key-length
|
The hash derived key length must be a valid number. |
auth/invalid-hash-key
|
The hash key must a valid byte buffer. |
auth/invalid-hash-memory-cost
|
The hash memory cost must be a valid number. |
auth/invalid-hash-parallelization
|
The hash parallelization must be a valid number. |
auth/invalid-hash-rounds
|
The hash rounds must be a valid number. |
auth/invalid-hash-salt-separator
|
The hashing algorithm salt separator field must be a valid byte buffer. |
auth/invalid-id-token |
The provided ID token is not a valid Firebase ID token. |
auth/invalid-last-sign-in-time
|
The last sign-in time must be a valid UTC date string. |
auth/invalid-page-token |
The provided next page token in listUsers() is invalid. It
must be a valid non-empty string.
|
auth/invalid-password |
The provided value for the password user property is invalid.
It must be a string with at least six characters.
|
auth/invalid-password-hash
|
The password hash must be a valid byte buffer. |
auth/invalid-password-salt
|
The password salt must be a valid byte buffer |
auth/invalid-phone-number |
The provided value for the phoneNumber is invalid. It must be
a non-empty E.164 standard compliant identifier string.
|
auth/invalid-photo-url |
The provided value for the photoURL user property is invalid.
It must be a string URL.
|
auth/invalid-provider-data
|
The providerData must be a valid array of UserInfo objects. |
auth/invalid-provider-id
|
The providerId must be a valid supported provider identifier string. |
auth/invalid-oauth-responsetype
|
Only exactly one OAuth responseType should be set to true.
|
auth/invalid-session-cookie-duration |
The session cookie duration must be a valid number in milliseconds between 5 minutes and 2 weeks. |
auth/invalid-uid |
The provided uid must be a non-empty string with at most
128 characters.
|
auth/invalid-user-import
|
The user record to import is invalid. |
auth/maximum-user-count-exceeded
|
The maximum allowed number of users to import has been exceeded. |
auth/missing-android-pkg-name
|
An Android Package Name must be provided if the Android App is required to be installed. |
auth/missing-continue-uri
|
A valid continue URL must be provided in the request. |
auth/missing-hash-algorithm
|
Importing users with password hashes requires that the hashing algorithm and its parameters be provided. |
auth/missing-ios-bundle-id
|
The request is missing a Bundle ID. |
auth/missing-uid |
A uid identifier is required for the current operation.
|
auth/missing-oauth-client-secret |
The OAuth configuration client secret is required to enable OIDC code flow. |
auth/operation-not-allowed |
The provided sign-in provider is disabled for your Firebase project. Enable it from the Sign-in Method section of the Firebase console. |
auth/phone-number-already-exists |
The provided phoneNumber is already in use by an existing
user. Each user must have a unique phoneNumber.
|
auth/project-not-found |
No Firebase project was found for the credential used to initialize the Admin SDKs. Refer to Set up a Firebase project for documentation on how to generate a credential for your project and use it to authenticate the Admin SDKs. |
auth/reserved-claims |
One or more custom user claims provided to
setCustomUserClaims() are reserved. For example,
OIDC specific claims such as (sub, iat, iss, exp, aud, auth_time, etc)
should not be used as keys for custom claims.
|
auth/session-cookie-expired |
The provided Firebase session cookie is expired. |
auth/session-cookie-revoked |
The Firebase session cookie has been revoked. |
auth/too-many-requests |
The number of requests exceeds the maximum allowed. |
auth/uid-already-exists |
The provided uid is already in use by an existing user. Each
user must have a unique uid.
|
auth/unauthorized-continue-uri |
The domain of the continue URL is not whitelisted. Whitelist the domain in the Firebase Console. |
auth/user-not-found |
There is no existing user record corresponding to the provided identifier. |