`verifyPhoneNumber` errors with `auth/invalid-app-credential` only on localhost

[MaciejCaputa]

Operating System

macOS Sonoma 14.2.1

Browser Version

Chrome 126.0.6478.183

Firebase SDK Version

10.12.4

Firebase SDK Product:

AppCheck, Auth

Describe your project's tooling

Next.js using firebase app check with reCAPTCHA Enterprise with configured debug app check token

Describe the problem

On localhost verifyPhoneNumber calls following endpoint

https://identitytoolkit.googleapis.com/v2/accounts/mfaSignIn:start?key=<api-key>

which returns

{
  "error": {
    "code": 400,
    "message": "INVALID_APP_CREDENTIAL",
    "status": "INVALID_ARGUMENT"
  }
}

Steps and code to reproduce issue

1. Call verifyPhoneNumber in multifactor authentication flow on localhost

Important facts

• Interestingly,verifyPhoneNumber work perfectly fine, but stopped working couple of days ago only when developing locally on localhost
• The deployed (hosted on Vercel) even after redeployment continue to work just fine
• Similar issue reported here https://www.reddit.com/r/Firebase/comments/1e8pdcf/firebase_error_authinvalidappcredentials_in/

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[odina101]

firebase has issue on its servers

[shahsagarm]

I'm also facing the same exact issue. It suddenly stopped working locally but on deployed version (vercel) it works fine with same firebase config.

[MaciejCaputa]

firebase has issue on its servers

Do they know they have an issue? Are they working on the fix? Is there a ticket we can track?

[ricardodebeijer]

We are also having this issue, with a Ionic Cordova app, since past friday.
We have a P1 ticket opened at GCP support currently.

[Sam-Persoon]

We also have a ticket opened at GCP. For those that want a temporary workaround, you can serve on 127.0.0.1 instead of localhost and add 127.0.0.1 in Firebase console -> authentication -> settings -> authorised domains.

[MaciejCaputa]

We also have a ticket opened at GCP. For those that want a temporary workaround, you can serve on 127.0.0.1 instead of localhost and add 127.0.0.1 in Firebase console -> authentication -> settings -> authorised domains.

I tried 127.0.0.1 and added it as an authorized domain, but it didn't work for me. Perhaps it is because we use reCaptcha Enterprise where we don't have whitelisted 127.0.0.1

[LizDodion]

Also seeing this

I added 127.0.0.1 as an authorised domain and switched our app to do that and it worked fine

Would be great if firebase can fix asap as we have a lot of other apps that need to be reconfigured and don't want to have to add everywhere