Firebase Phone Authentication in Flutter: Complete OTP Login System Guide

Introduction

Phone authentication is one of the most widely used login systems in modern mobile applications.

Instead of remembering passwords, users simply enter their phone number, receive a One-Time Password (OTP), and verify it.

Firebase provides a secure and scalable way to implement phone authentication in Flutter applications.

In this complete production-level guide, we will deeply explore:

• How phone authentication works internally
• Android setup requirements
• OTP sending process
• OTP verification process
• Auto-retrieval flow
• Error handling
• Resend OTP logic
• Production best practices

How Firebase Phone Authentication Works

The process follows this flow:

• User enters phone number
• Firebase sends OTP SMS
• User enters OTP
• Firebase verifies OTP
• User session is created

Step 1: Enable Phone Authentication

Go to Firebase Console → Authentication → Sign-in Method → Enable Phone.

Step 2: Add Required Package

dependencies:
  firebase_auth: latest_version

Run:

flutter pub get

Step 3: Verify Phone Number

FirebaseAuth.instance.verifyPhoneNumber(
  phoneNumber: '+911234567890',
  verificationCompleted: (PhoneAuthCredential credential) async {
    await FirebaseAuth.instance.signInWithCredential(credential);
  },
  verificationFailed: (FirebaseAuthException e) {
    print(e.message);
  },
  codeSent: (String verificationId, int? resendToken) {
    print("OTP sent");
  },
  codeAutoRetrievalTimeout: (String verificationId) {
    print("Auto retrieval timeout");
  },
);

Understanding Callbacks

verificationCompleted

Triggered when OTP is auto-detected (Android only).

verificationFailed

Triggered when number is invalid or quota exceeded.

codeSent

Triggered when OTP SMS is sent successfully.

codeAutoRetrievalTimeout

Triggered when auto-detection times out.

Step 4: Verify OTP Manually

Future verifyOTP(String verificationId, String smsCode) async {
  PhoneAuthCredential credential =
      PhoneAuthProvider.credential(
        verificationId: verificationId,
        smsCode: smsCode,
      );

  await FirebaseAuth.instance.signInWithCredential(credential);
}

Auto Retrieval (Android Only)

On Android, Firebase can automatically detect OTP without manual input.

On iOS, user must enter OTP manually.

Resend OTP Logic

FirebaseAuth.instance.verifyPhoneNumber(
  phoneNumber: '+911234567890',
  forceResendingToken: resendToken,
  ...
);

Common Errors

invalid-phone-number

Ensure phone number format includes country code.

too-many-requests

OTP request limit exceeded.

quota-exceeded

Free tier limit reached.

Access Authenticated User

User? user = FirebaseAuth.instance.currentUser;

print(user?.uid);
print(user?.phoneNumber);

Production Architecture Tip

Do not place authentication logic inside UI. Create a dedicated AuthService.

class AuthService {
  final FirebaseAuth _auth = FirebaseAuth.instance;

  Future sendOTP(String phone) async {
    await _auth.verifyPhoneNumber(
      phoneNumber: phone,
      verificationCompleted: (credential) async {
        await _auth.signInWithCredential(credential);
      },
      verificationFailed: (e) {
        print(e.message);
      },
      codeSent: (verificationId, resendToken) {
        print("OTP sent");
      },
      codeAutoRetrievalTimeout: (verificationId) {},
    );
  }
}

Security Best Practices

• Always use proper country code
• Enable Firebase App Check
• Configure Firestore security rules
• Limit OTP resend attempts

Important Note About Testing

Firebase provides test phone numbers in console. Use them for development to avoid quota issues.

Advantages of Phone Authentication

• Faster user onboarding
• No password management
• High user trust

Limitations

• SMS cost at scale
• OTP delay in some regions
• Requires real phone numbers

Conclusion

Firebase Phone Authentication is powerful and widely used, especially in regions where OTP login is preferred.

With proper error handling and architecture, you can build a secure and production-ready OTP login system.

Next, we will move to: Cloud Firestore Complete Guide (Database Deep Dive).