diff --git a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
index 4b9523c83..50b2c1e6b 100644
--- a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
+++ b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
@@ -180,7 +180,7 @@ String buildMessage(AuthServiceErrorResponse response) {
 
   /**
    * JSON data binding for JSON error messages sent by Google identity toolkit service. These
-   * error messages take the form `{"error": {"message": "CODE: OPTIONAL DETAILS"}}`.
+   * error messages take the form `{"error": {"message": "CODE : OPTIONAL DETAILS"}}`.
    */
   private static class AuthServiceErrorResponse {
 
@@ -196,7 +196,7 @@ public String getCode() {
 
       int separator = message.indexOf(':');
       if (separator != -1) {
-        return message.substring(0, separator);
+        return message.substring(0, separator).trim();
       }
 
       return message;
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 5862450ae..41ccc5c20 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -82,6 +82,7 @@ public class FirebaseAuthIT {
   private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
   private static final HttpTransport transport = ApiClientUtils.getDefaultTransport();
   private static final String ACTION_LINK_CONTINUE_URL = "http://localhost/?a=1&b=2#c=3";
+  private static final String INVALID_ACTION_LINK_CONTINUE_URL = "http://www.localhost/?a=1&b=2#c=3";
 
   private static final FirebaseAuth auth = FirebaseAuth.getInstance(
       IntegrationTestUtils.ensureDefaultApp());
@@ -868,6 +869,31 @@ public void testGenerateSignInWithEmailLink() throws Exception {
     assertTrue(auth.getUser(user.getUid()).isEmailVerified());
   }
 
+  @Test
+  public void testAuthErrorCodeParse() throws Exception {
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
+        .setEmailVerified(false)
+        .setPassword("password"));
+    try {
+      auth.generateSignInWithEmailLink(user.getEmail(), ActionCodeSettings.builder()
+          .setUrl(INVALID_ACTION_LINK_CONTINUE_URL)
+          .build());
+      fail("No error thrown for invlaid custom hosting domain");
+    } catch (FirebaseAuthException e) {
+      assertEquals(
+          "The domain of the continue URL is not whitelisted (UNAUTHORIZED_DOMAIN): Domain not "
+              + "allowlisted by project",
+          e.getMessage());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.UNAUTHORIZED_CONTINUE_URL, e.getAuthErrorCode());
+    }
+  }
+
   @Test
   public void testOidcProviderConfigLifecycle() throws Exception {
     // Create provider config