Can we access your project?
Current Behavior
Hi FlutterFlow team,
This may be related to #6638, but I am opening a new report because the original issue was created in Oct 2025 and I would like to confirm whether this is still unresolved in current FlutterFlow builds.
We are seeing a very similar issue in our production FlutterFlow project and would like to confirm whether this bug has already been fixed, or if there is a recommended workaround for current FlutterFlow builds.
Context
Project type:
- FlutterFlow app
- Firebase Authentication
- Built-in Phone Sign In action
- Platforms affected/tested: Web and iOS TestFlight
- Firebase project uses Identity Platform / Firebase Authentication
Firebase configuration:
- Phone provider is enabled
- SMS region policy is set to allowlist-only: Vietnam (VN)
- reCAPTCHA SMS Defense was enabled following Firebase Support guidance
- Phone authentication enforcement mode tested in AUDIT
- SMS fraud risk threshold tested at 0.8 and 0.9
- Platform site keys configured for Web, Android, and iOS
- App Check is registered for Web, Android, and iOS
Observed behavior
Web:
- Pressing the Phone Sign In / Send OTP action does not proceed to the OTP verification screen.
- Cloud Logging confirms that the request reaches Identity Platform:
- methodName: google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode
- phoneNumber format is correct E.164, for example +84904***383
- status.code: 13
- status.message: Error code: 39
- Cloud Monitoring shows:
- reCAPTCHA verdict_count has data
- reCAPTCHA token_count has data
- verdict_state = failed_in_audit
- sent_sms_count has no useful data
- blocked_sms_count has no useful data
iOS TestFlight:
This looks related to the issue described here, where Firebase Phone Auth requires reCAPTCHA Enterprise after recent firebase_auth changes, but FlutterFlow generated apps may not fully include/configure the required reCAPTCHA Enterprise integration.
Questions
- Has this confirmed bug been fixed in current FlutterFlow builds?
- Do FlutterFlow managed builds currently support Firebase Phone Authentication with reCAPTCHA SMS Defense / reCAPTCHA Enterprise enabled?
- For iOS managed builds, does FlutterFlow include/link the required reCAPTCHA Enterprise iOS SDK? The error we see is:
"The reCAPTCHA SDK is not linked to your app."
- If this is fixed, what FlutterFlow version / Firebase Auth package version / rebuild steps are required?
- If this is not fixed yet, is there any official workaround besides:
- exporting code and manually adding the native reCAPTCHA Enterprise SDK, or
- disabling Firebase Phone Auth and implementing custom OTP through Cloud Functions + an SMS provider?
- Is there a way inside FlutterFlow managed builds to pin/downgrade firebase_auth or add the required native iOS/Android reCAPTCHA Enterprise dependencies?
This is blocking phone-login production usage for our app. We can provide additional logs/screenshots if needed.
Thanks.
Expected Behavior
Firebase Phone Authentication should send the OTP successfully and trigger the normal FlutterFlow phone auth flow.
Expected behavior:
- On Web, the built-in Phone Sign In action should request the SMS verification code and continue to the OTP verification screen.
- On iOS TestFlight, the app should not fail with "The reCAPTCHA SDK is not linked to your app."
- If reCAPTCHA SMS Defense / reCAPTCHA Enterprise is required by Firebase Auth, FlutterFlow managed builds should include and configure the required SDKs automatically for Web, Android, and iOS, or provide a documented way to enable them.
Steps to Reproduce
- Create or open a FlutterFlow project with Firebase Authentication enabled.
- Enable Firebase Phone Authentication in Firebase Console.
- In FlutterFlow, add a phone number input page.
- Add FlutterFlow's built-in Firebase Phone Sign In / Send OTP action.
- Configure the app to send the phone number in E.164 format, for example +84904305383.
- In Firebase Console, enable reCAPTCHA SMS Defense for Firebase Authentication as advised by Firebase Support.
- Set Phone authentication enforcement mode to AUDIT.
- Configure the SMS fraud risk threshold, tested with both 0.8 and 0.9.
- Configure platform site keys for Web, Android, and iOS.
- Set SMS region policy to allowlist-only with Vietnam (VN).
- Run the app on Web and press the Send OTP button.
- Observe that the app does not proceed to the OTP verification screen.
- Check Google Cloud Logs Explorer:
- methodName: google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode
- status.code: 13
- status.message: Error code: 39
- Check Cloud Monitoring:
- reCAPTCHA verdict_count has data
- reCAPTCHA token_count has data
- verdict_state = failed_in_audit
- sent_sms_count has no useful data
- Build and test the iOS app via TestFlight.
- Press the Send OTP button.
- Observe the iOS error:
"The reCAPTCHA SDK is not linked to your app. See https://cloud.google.com/recaptcha-enterprise/docs/instrument-ios-apps"
Reproducible from Blank
Bug Report Code (Required)
IT4OheflzItOtbxY15PpbcdvoDwRNj8na4ZMl8JuUQs3JZ/NGu4MPsneVFRuZry7S2xheGeKgmAx1vfqv/HDCfFdaC6VG5hH1bVxWgHNQTilVqqTDbq3fW1SAtFgCkC91p67phNDBNZiLFY96jmlffKvcCvtN77MDDM0D8+LKdeK2SrDX1iXc2URm05KZDPz
Visual documentation
Additional evidence:
Firebase Support advised us to enable reCAPTCHA SMS Defense because real Vietnamese phone numbers were failing with Firebase Auth SMS error codes 39 and 13.
After enabling reCAPTCHA SMS Defense:
- Web requests reach Identity Platform but fail with Error code 39.
- Cloud Monitoring shows reCAPTCHA verdict_state = failed_in_audit.
- iOS TestFlight fails with "The reCAPTCHA SDK is not linked to your app."
This suggests FlutterFlow managed builds may not fully support Firebase Phone Auth with reCAPTCHA Enterprise / SMS Defense requirements.
Environment
- FlutterFlow version:
Current FlutterFlow web editor / managed build as of July 2026
- Platform:
Web Preview / FlutterFlow Test Mode
iOS TestFlight build
Firebase Authentication / Identity Platform
Firebase Phone Authentication
reCAPTCHA SMS Defense / reCAPTCHA Enterprise enabled
- Browser name and version:
Microsoft Edge / Chrome-based browser on Windows 10
User agent observed in Cloud Logging:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 Edg/149.0.0.0
- Operating system and version affected:
Windows 10 for Web testing
iOS TestFlight build on iPhone
- Firebase / Google Cloud configuration:
Phone Authentication provider enabled
SMS region policy: allowlist-only, Vietnam (VN)
reCAPTCHA SMS Defense enabled
Phone authentication enforcement mode tested in AUDIT
SMS fraud risk threshold tested at 0.8 and 0.9
Web, Android, and iOS reCAPTCHA platform site keys configured
App Check registered for Web, Android, and iOS
Additional Information
This issue is blocking production phone login for our app.
Firebase Support advised us to enable reCAPTCHA SMS Defense because real Vietnamese phone numbers were failing with Firebase Auth SMS error codes 39 and 13.
After enabling reCAPTCHA SMS Defense, the behavior is:
Web:
- The FlutterFlow built-in Phone Sign In action does not proceed to the OTP verification screen.
- Cloud Logging confirms that the request reaches Identity Platform:
methodName: google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode
phoneNumber format received by Firebase is correct E.164, e.g. +84904***383
status.code: 13
status.message: Error code: 39
- Cloud Monitoring shows:
reCAPTCHA verdict_count has data
reCAPTCHA token_count has data
verdict_state = failed_in_audit
sent_sms_count has no useful data
blocked_sms_count has no useful data
iOS TestFlight:
We also tested in Incognito and the issue persists.
This looks related to Firebase Phone Auth now requiring reCAPTCHA Enterprise / SMS Defense support, but FlutterFlow managed builds may not be fully linking or configuring the required SDKs, especially on iOS.
We need to confirm whether FlutterFlow managed builds currently support Firebase Phone Auth with reCAPTCHA SMS Defense / reCAPTCHA Enterprise enabled, and whether there is an official workaround if not.
Can we access your project?
Current Behavior
Hi FlutterFlow team,
This may be related to #6638, but I am opening a new report because the original issue was created in Oct 2025 and I would like to confirm whether this is still unresolved in current FlutterFlow builds.
We are seeing a very similar issue in our production FlutterFlow project and would like to confirm whether this bug has already been fixed, or if there is a recommended workaround for current FlutterFlow builds.
Context
Project type:
Firebase configuration:
Observed behavior
Web:
iOS TestFlight:
"The reCAPTCHA SDK is not linked to your app. See https://cloud.google.com/recaptcha-enterprise/docs/instrument-ios-apps"
This looks related to the issue described here, where Firebase Phone Auth requires reCAPTCHA Enterprise after recent firebase_auth changes, but FlutterFlow generated apps may not fully include/configure the required reCAPTCHA Enterprise integration.
Questions
"The reCAPTCHA SDK is not linked to your app."
This is blocking phone-login production usage for our app. We can provide additional logs/screenshots if needed.
Thanks.
Expected Behavior
Firebase Phone Authentication should send the OTP successfully and trigger the normal FlutterFlow phone auth flow.
Expected behavior:
Steps to Reproduce
"The reCAPTCHA SDK is not linked to your app. See https://cloud.google.com/recaptcha-enterprise/docs/instrument-ios-apps"
Reproducible from Blank
Bug Report Code (Required)
IT4OheflzItOtbxY15PpbcdvoDwRNj8na4ZMl8JuUQs3JZ/NGu4MPsneVFRuZry7S2xheGeKgmAx1vfqv/HDCfFdaC6VG5hH1bVxWgHNQTilVqqTDbq3fW1SAtFgCkC91p67phNDBNZiLFY96jmlffKvcCvtN77MDDM0D8+LKdeK2SrDX1iXc2URm05KZDPz
Visual documentation
Additional evidence:
Firebase Support advised us to enable reCAPTCHA SMS Defense because real Vietnamese phone numbers were failing with Firebase Auth SMS error codes 39 and 13.
After enabling reCAPTCHA SMS Defense:
This suggests FlutterFlow managed builds may not fully support Firebase Phone Auth with reCAPTCHA Enterprise / SMS Defense requirements.
Environment
Additional Information
This issue is blocking production phone login for our app.
Firebase Support advised us to enable reCAPTCHA SMS Defense because real Vietnamese phone numbers were failing with Firebase Auth SMS error codes 39 and 13.
After enabling reCAPTCHA SMS Defense, the behavior is:
Web:
methodName: google.cloud.identitytoolkit.v1.AuthenticationService.SendVerificationCode
phoneNumber format received by Firebase is correct E.164, e.g. +84904***383
status.code: 13
status.message: Error code: 39
reCAPTCHA verdict_count has data
reCAPTCHA token_count has data
verdict_state = failed_in_audit
sent_sms_count has no useful data
blocked_sms_count has no useful data
iOS TestFlight:
"The reCAPTCHA SDK is not linked to your app. See https://cloud.google.com/recaptcha-enterprise/docs/instrument-ios-apps"
We also tested in Incognito and the issue persists.
This looks related to Firebase Phone Auth now requiring reCAPTCHA Enterprise / SMS Defense support, but FlutterFlow managed builds may not be fully linking or configuring the required SDKs, especially on iOS.
We need to confirm whether FlutterFlow managed builds currently support Firebase Phone Auth with reCAPTCHA SMS Defense / reCAPTCHA Enterprise enabled, and whether there is an official workaround if not.