119

I was testing my login/sign up feature and for some reason I can't understand Firebase now is blocking all requests from my device.

I've waited one day to try again, but I still have the same problem.

ERROR: "We have blocked all requests from this device due to unusual activity. Try again later."

What should I do to have access to my database again?

Improve this question
9
  • 1
    Or wait and try again later, as the message says.
    – Frank van Puffelen
    Jun 2, 2016 at 21:18
  • 3
    I'm having the exact same problem! Caused by my testing of my authentication forms to ensure they handle errors properly. Firebase really should provide some way of resetting this.
    – Rob Gorman
    Jun 9, 2016 at 22:39
  • 4
    Delete your user and try again, it worked for me...
    – Eusthace
    Jun 9, 2016 at 22:41
  • 3
    I dont have a user in my auth user table but I still get the error.
    – jofftiquez
    Aug 5, 2016 at 16:42
  • 2
    I don't have an user and get the same error
    – Matt
    Aug 22, 2016 at 9:30

15 Answers 15

Reset to default
152

If you use Phone Authentication, Here is what to do:

  1. Go to Firebase Console
  2. Authentication ==> Sign-in-method
  3. Go to "Phone" and pop-up will show
  4. Add your phone number at "Phone Numbers for testing" along with a verification code from your choice.

And it works now :)

Improve this answer
5
  • Yup! Adding it for testing and then deleting seems to have "reset" this issue. Thanks!
    – Malfunction
    May 9, 2019 at 10:02
  • 1
    with this my phone un blocked but I can't receive sms
    – Muhammad
    Oct 23, 2019 at 12:08
  • 1
    Yes this works and now you have to use the 6 digit code as OTP because you are not going to recieve it not as it is a test phone now and no blockage
    – MR_AMDEV
    Apr 5, 2020 at 17:59
  • 3
    If you get an error, firstly delete the user from the Authentication -> Users table, then add the phone number for testing.
    – Touré Holder
    Oct 28, 2020 at 9:34
  • @Muhammad, since it is fictitious phone number, you won't receive an sms. Instead, you would directly have to type the verification code which you saved in console, alongside your phone number.
    – Divya Gupta
    Dec 3, 2022 at 11:13
55

One of the possible solutions:

  1. Go to your Firebase console -> Auth -> Users table

  2. Locate the user you are testing.

  3. Delete this user.

  4. Retest.

Improve this answer
8
  • 57
    I dont have a user in my auth user table but I still get the error.
    – jofftiquez
    Aug 5, 2016 at 16:42
  • 2
    I have user in table, I deleted but now working for me.
    – Jagruttam Panchal
    Oct 4, 2017 at 13:27
  • 23
    I deleted the user from the table but it still didn't work.
    – Jun
    Oct 5, 2017 at 19:26
  • 3
    Unfortunately didn't work for me, had to disconnect from wi-fi network and use mobile data, thanks anyway!
    – Michael
    Mar 13, 2018 at 13:12
  • 8
    I'm doing testing for the sms login and logout flow. Was interrupted by this abrupt message which hindered the testing process... Seriously?
    – user1872384
    Jul 13, 2018 at 6:55
43

I contacted firebase support and received this message:

The error "We have blocked all requests from this device due to unusual activity. Try again later." is usually thrown when a user is making SMS authentication requests to a certain number of times using the same phone number or IP address. These repeated requests are considered as a suspicious behavior which temporarily blocks the device or IP address.

Additionally, there's a limit of 5 SMS per phone number per 4 hours. With this, you may try doing the following to resolve the issue:

Reduce the frequency of attempts to avoid triggering the anti-abuse system Try using whitelisted phone numbers for testing your app Use multiple testing devices (as the limits are applied per IP or device) Wait for an hour for the quota to lift

I tried to increase the quota as per @lhk answer but there answer is the following:

You also mentioned that you have increased the quota to 1000 but it didn't work. Do note that this "Manage to sign up quota" field is intended for Email/Password and Anonymous sign-ups.

Improve this answer
0
26

I've run into the same problem.

By default (for the free plan), firebase caps sign-ins to 100 per hour, per IP-address. This broke our automated testing. You can change the setting like this:

  • open console
  • open your project
  • go to "authentication"
  • go to "sign-in method"
  • scroll down to "manage sign-in quota"

That's it. Currently the maximum setting for this quota is 1000 per hour enter image description here.

Improve this answer
3
  • 4
    Do you think in an hour are we able to test the same phone number 100 times? I mean really?
    – Kishan Solanki
    May 18, 2020 at 16:08
  • 2
    This is for sign-up not sign-in!
    – Akshay
    Dec 2, 2020 at 23:22
  • @Akshay exactly.
    – shawn1912
    Jun 20, 2021 at 11:57
12

This is one of many quirks that I am running into. While Firebase seems to be a nice framework/product/service, at the moment it doesn't seem to be totally ready for broad production deployment yet. In this case I only used one particular (fake) user for testing/debugging and only after just a few attempts (probably no more than 10 sign-ins), I ran into this issue. The funny thing is that my tests delete the fake test-user after each run so I couldn't see any user in my auth user table afterwards. The solution for me was to manually add that user via the "ADD USER" button and then delete it. I think they should have (at least as a workaround) a definable user that is for testing/debugging, who is not subject to this restriction, if they really feel they have to have such a (low) limit.

Improve this answer
2
  • did you find any other solution?
    – Manspof
    Jun 20, 2018 at 14:43
  • Sorry, this was related to a project I was working on at the time and since it solved my problem I never explored it any deeper. I have to admit that I have not seen it since then either. Any chance that you might be (inadvertently) creating too much traffic and exceeding a limit? Best of luck.
    – Kaamel
    Jun 25, 2018 at 16:28
12

I have added my phone as a test number in the Sign-in method tab.

Actually this error occurs when your quota limit is exceeded.

Just add your number and testing OTP to get it worked.

enter image description here

Note: The testing number will not get any message of OTP as we already defined static OTP code.

Improve this answer
4
  • I did this.But now how can I check that entered no and pwd are correct. I get the exception "com.google.firebase.auth.FirebaseAuthInvalidCredentialsException: The verification ID used to create the phone auth credential is invalid." when check
    – parita porwal
    Apr 27, 2020 at 11:15
  • You can check this answer or this answer
    – Pratik Butani
    Nov 7, 2020 at 4:58
  • Hi, i have quick question regarding firebase phone authentication my mobile number is with this format +201222222222 should i keep it like this or add spaces like this +20 122 222 2222
    – kd12345
    Oct 31, 2022 at 8:23
  • You don't need to add the spaces.
    – Pratik Butani
    Nov 1, 2022 at 11:52
5

See my answer at https://stackoverflow.com/a/39291794/18132

I went into firebase > Authentication > sign-in method > google and added my client id to the whitelist.

Improve this answer
1
  • 4
    What if I'm using email, rather than google sign-in method? There is only one setting "On/Off" inside.
    – mrded
    Sep 5, 2016 at 18:08
5

I managed to get this working straight away by resetting the users password.

Steps are as follows:

  1. Go into your admin console, Authentication, Users
  2. Locate the user
  3. Click on the menu dots in the far right hand column
  4. Choose reset password, then click ok
  5. Follow the steps in the email when it comes through
Improve this answer
2
  • 1
    Worked for me and much more convenient than deleting the entire user.
    – LordParsley
    Nov 3, 2017 at 11:15
  • Worked also for me, thank you! After registering a user, Firebase kept giving me the error in op's title. With this method, after resetting the password, I got my email verified.
    – Claudiu Razlet
    Mar 15, 2023 at 18:12
2

Add that number of yours to Firebase as a tester. This way you can test it as many times as you can. Else multiple requests from one number to a project. Firebase deals it as a hacker and blocks it.

Add your number as Tester as: Go to -> Firebase Console -> Authentication -> Sign-in-method -> Edit Phone -> Phone numbers for testing (optional)

Add your phone number and verification code of your choice and that number will then work.

You will not get verification code from firebase, but you can give the verification code you set as a tester and can login through phone

Improve this answer
2

The error "We have blocked all requests from this device due to unusual activity. Try again later." is usually thrown when a user is making SMS authentication requests to a certain number of times using the same phone number or IP address. These repeated requests are considered as a suspicious behavior which temporarily blocks the device or IP address.

Additionally, there's a limit of 5 SMS per phone number per 4 hours. With this, you may try doing the following to resolve the issue:

Reduce the frequency of attempts to avoid triggering the anti-abuse system Try using whitelisted phone numbers for testing your app Use multiple testing devices (as the limits are applied per IP or device) Wait for an hour for the quota to lift

Improve this answer
3
  • 1
    Can you share any documentation reference, where i can see how many OTP i can send per hour.
    – Nishant Singh
    Apr 25, 2022 at 6:41
  • localcoder.org/…
    – Firenze
    May 16, 2022 at 4:59
  • @Dmitry atleast look at the answered date and chatGPT release date before commenting. Thanks
    – Firenze
    Apr 2 at 8:55
1

One of the causes can be sending too may verification email to a user's email within a short duration of time. Try adding a duration timer and check if the verification message has been sent within the time duration.

Improve this answer
1

If you are doing tests a better way to go about it is to add the phone number as a test number Authentication > Sign in method > Phone. Then add the test number + the verification code you'll use

Improve this answer
0

I was facing the same issue and I solved this problem by Buying Blaze plan. This blocking seemed like a security measure on Firebase's side. If you are using Firebase for development purpose, buying the Blaze plan won't cost you any thing as it has the same quota of free services offered in Spark plan.

Improve this answer
0

Also, setting up Firebase Auth test phone numbers should help.

Per https://firebase.google.com/docs/auth/ios/phone-auth#test-with-fictional-phone-numbers:

Test with fictional phone numbers
You can set up fictional phone numbers for development via the Firebase console. Testing with fictional phone numbers provides these benefits:

  • Test phone number authentication without consuming your usage quota.
  • Test phone number authentication without sending an actual SMS message. Run consecutive tests with the same phone number without getting throttled. This minimizes the risk of rejection during App store review process if the reviewer happens to use the same phone number for testing.
  • Test readily in development environments without any additional effort, such as the ability to develop in an iOS simulator or an Android emulator without Google Play Services.
  • Write integration tests without being blocked by security checks normally applied on real phone numbers in a production environment.

Fictional phone numbers must meet these requirements:

  • Make sure you use phone numbers that are indeed fictional, and do not already exist. Firebase Authentication does not allow you to set existing phone numbers used by real users as test numbers.
    One option is to use 555 prefixed numbers as US test phone numbers, for example: +1 650-555-3434

  • Phone numbers have to be correctly formatted for length and other constraints. They will still go through the same validation as a real user's phone number.

  • You can add up to 10 phone numbers for development.

  • Use test phone numbers/codes that are hard to guess and change those frequently.

Create fictional phone numbers and verification codes

  • In the Firebase console, open the Authentication section.
  • In the Sign in method tab, enable the Phone provider if you haven't already.
  • Open the Phone numbers for testing accordion menu.
  • Provide the phone number you want to test, for example: +1 650-555-3434.
  • Provide the 6-digit verification code for that specific number, for example: 654321.
  • Add the number. If there's a need, you can delete the phone number and its code by hovering over the corresponding row and clicking the trash icon.
Improve this answer
1
  • 1
    Test phone numbers don't use the verification service, so if you're trying to test your SHA-1/256 config updates worked, then it's not a valid test. They will work no matter what
    – SeanMC
    Sep 27, 2021 at 20:38
0

To solve this problem I used a VPN app on the device. This helps avoid IP address restrictions.

But it is not clear how to help an angry app customer. Not all customers are ready to use vpn or wait for a phone number to be unlocked.

Deleting the user in the Firebase console or reinstalling the app didn't help.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.