Admin Authentication API Errors

Here is a full list of the error codes and descriptions, including recommended resolution steps, that are thrown by the Firebase Admin Node.js Authentication API:

Error Code Description and Resolution Steps
auth/claims-too-large The claims payload provided to setCustomUserClaims() exceeds the maximum allowed size of 1000 bytes.
auth/email-already-exists The provided email is already in use by an existing user. Each user must have a unique email.
auth/id-token-expired The provided Firebase ID token is expired.
auth/id-token-revoked The Firebase ID token has been revoked.
auth/insufficient-permission The credential used to initialize the Admin SDK has insufficient permission to access the requested Authentication resource. Refer to Set up a Firebase project for documentation on how to generate a credential with appropriate permissions and use it to authenticate the Admin SDKs.
auth/internal-error The Authentication server encountered an unexpected error while trying to process the request. The error message should contain the response from the Authentication server containing additional information. If the error persists, please report the problem to our Bug Report support channel.
auth/invalid-argument An invalid argument was provided to an Authentication method. The error message should contain additional information.
auth/invalid-claims The custom claim attributes provided to setCustomUserClaims() are invalid.
auth/invalid-continue-uri The continue URL must be a valid URL string.
auth/invalid-creation-time The creation time must be a valid UTC date string.
auth/invalid-credential The credential used to authenticate the Admin SDKs cannot be used to perform the desired action. Certain Authentication methods such as createCustomToken() and verifyIdToken() require the SDK to be initialized with a certificate credential as opposed to a refresh token or Application Default credential. See Initialize the SDK for documentation on how to authenticate the Admin SDKs with a certificate credential.
auth/invalid-disabled-field The provided value for the disabled user property is invalid. It must be a boolean.
auth/invalid-display-name The provided value for the displayName user property is invalid. It must be a non-empty string.
auth/invalid-dynamic-link-domain The provided dynamic link domain is not configured or authorized for the current project.
auth/invalid-email The provided value for the email user property is invalid. It must be a string email address.
auth/invalid-email-verified The provided value for the emailVerified user property is invalid. It must be a boolean.
auth/invalid-hash-algorithm The hash algorithm must match one of the strings in the list of supported algorithms.
auth/invalid-hash-block-size The hash block size must be a valid number.
auth/invalid-hash-derived-key-length The hash derived key length must be a valid number.
auth/invalid-hash-key The hash key must a valid byte buffer.
auth/invalid-hash-memory-cost The hash memory cost must be a valid number.
auth/invalid-hash-parallelization The hash parallelization must be a valid number.
auth/invalid-hash-rounds The hash rounds must be a valid number.
auth/invalid-hash-salt-separator The hashing algorithm salt separator field must be a valid byte buffer.
auth/invalid-id-token The provided ID token is not a valid Firebase ID token.
auth/invalid-last-sign-in-time The last sign-in time must be a valid UTC date string.
auth/invalid-page-token The provided next page token in listUsers() is invalid. It must be a valid non-empty string.
auth/invalid-password The provided value for the password user property is invalid. It must be a string with at least six characters.
auth/invalid-password-hash The password hash must be a valid byte buffer.
auth/invalid-password-salt The password salt must be a valid byte buffer
auth/invalid-phone-number The provided value for the phoneNumber is invalid. It must be a non-empty E.164 standard compliant identifier string.
auth/invalid-photo-url The provided value for the photoURL user property is invalid. It must be a string URL.
auth/invalid-provider-data The providerData must be a valid array of UserInfo objects.
auth/invalid-provider-id The providerId must be a valid supported provider identifier string.
auth/invalid-oauth-responsetype Only exactly one OAuth responseType should be set to true.
auth/invalid-session-cookie-duration The session cookie duration must be a valid number in milliseconds between 5 minutes and 2 weeks.
auth/invalid-uid The provided uid must be a non-empty string with at most 128 characters.
auth/invalid-user-import The user record to import is invalid.
auth/maximum-user-count-exceeded The maximum allowed number of users to import has been exceeded.
auth/missing-android-pkg-name An Android Package Name must be provided if the Android App is required to be installed.
auth/missing-continue-uri A valid continue URL must be provided in the request.
auth/missing-hash-algorithm Importing users with password hashes requires that the hashing algorithm and its parameters be provided.
auth/missing-ios-bundle-id The request is missing a Bundle ID.
auth/missing-uid A uid identifier is required for the current operation.
auth/missing-oauth-client-secret The OAuth configuration client secret is required to enable OIDC code flow.
auth/operation-not-allowed The provided sign-in provider is disabled for your Firebase project. Enable it from the Sign-in Method section of the Firebase console.
auth/phone-number-already-exists The provided phoneNumber is already in use by an existing user. Each user must have a unique phoneNumber.
auth/project-not-found No Firebase project was found for the credential used to initialize the Admin SDKs. Refer to Set up a Firebase project for documentation on how to generate a credential for your project and use it to authenticate the Admin SDKs.
auth/reserved-claims One or more custom user claims provided to setCustomUserClaims() are reserved. For example, OIDC specific claims such as (sub, iat, iss, exp, aud, auth_time, etc) should not be used as keys for custom claims.
auth/session-cookie-expired The provided Firebase session cookie is expired.
auth/session-cookie-revoked The Firebase session cookie has been revoked.
auth/too-many-requests The number of requests exceeds the maximum allowed.
auth/uid-already-exists The provided uid is already in use by an existing user. Each user must have a unique uid.
auth/unauthorized-continue-uri The domain of the continue URL is not whitelisted. Whitelist the domain in the Firebase Console.
auth/user-not-found There is no existing user record corresponding to the provided identifier.