EddyVerbruggen · erodriguezh · Jan 23, 2021
diff --git a/src/firebase.android.ts b/src/firebase.android.ts
@@ -1031,6 +1031,7 @@ firebase.login = arg => {
       firebase.moveLoginOptionsToObjects(arg);
 
       const firebaseAuth = com.google.firebase.auth.FirebaseAuth.getInstance();
+      let phoneAuthVerificationId = "";
       const onCompleteListener = new gmsTasks.OnCompleteListener({
         onComplete: task => {
           if (!task.isSuccessful()) {
@@ -1151,6 +1152,8 @@ firebase.login = arg => {
             }
           },
           onCodeSent: (verificationId, forceResendingToken) => {
+            // Keep track of the 'current' verificationId to avoid conflicts with previous ones wrongly input
+            phoneAuthVerificationId = verificationId;
             // If the device has a SIM card auto-verification may occur in the background (eventually calling onVerificationCompleted)
             // .. so the prompt would be redundant, but it's recommended by Google not to wait to long before showing the prompt
             setTimeout(() => {
@@ -1160,6 +1163,8 @@ firebase.login = arg => {
                   if (userResponse === undefined && firebase.reject) {
                     firebase.reject("Prompt was canceled");
                     return;
+                  } else if (phoneAuthVerificationId !== verificationId) {
+                    return;
                   }
                   const authCredential = com.google.firebase.auth.PhoneAuthProvider.getCredential(verificationId, userResponse);
                   const user = com.google.firebase.auth.FirebaseAuth.getInstance().getCurrentUser();

diff --git a/src/firebase.ios.ts b/src/firebase.ios.ts
@@ -919,6 +919,7 @@ firebase.getAuthToken = (arg: GetAuthTokenOptions): Promise<IdTokenResult> => {
 firebase.login = arg => {
   return new Promise((resolve, reject) => {
     try {
+      let phoneAuthVerificationId = "";
       const onCompletionWithAuthResult = (authResult: FIRAuthDataResult, error?: NSError) => {
         if (error) {
           // also disconnect from Google otherwise ppl can't connect with a different account
@@ -1021,11 +1022,15 @@ firebase.login = arg => {
             reject(error.localizedDescription);
             return;
           }
+          // Keep track of the 'current' verificationId to avoid conflicts with previous ones wrongly input
+          phoneAuthVerificationId = verificationID;
 
           firebase.requestPhoneAuthVerificationCode(userResponse => {
             if (userResponse === undefined) {
               reject("Prompt was canceled");
               return;
+            } else if (phoneAuthVerificationId !== verificationID) {
+              return;
             }
             const fIRAuthCredential = FIRPhoneAuthProvider.provider().credentialWithVerificationIDVerificationCode(verificationID, userResponse);
             if (firebase.fAuth.currentUser) {