By default Firebase sends a link to verify the user's email, but I want to send an OTP with that email. So is there a way to customize that email, or send an OTP and then, once the user has entered the correct code in the app, get Firebase to mark that user account as email verified?
What you're describing is quite literally what the default Firebase flow does: it sends an email with a link that includes an OTP to verify the email address.
You can do a certain amount of customization of the email action handler page that the emails link to. If that is not enough, you will have to implement your own flow, and can then use the Admin SDK in a secure environment to mark the user's email as verified.
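The "implement your own flow" option from this answer, sketched server-side as an added example (not code from the answer or from Firebase). The in-memory store, 10-minute lifetime, attempt limit and function names are assumptions; the uid is expected to come from an ID token checked with the Admin SDK's verifyIdToken, not from the request body.

```javascript
const crypto = require('node:crypto');

const OTP_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a code
const MAX_ATTEMPTS = 5;            // assumed guess limit per issued code
const pending = new Map();         // uid -> record; use a server-side database in production

// Keyed hash so the stored value is useless without the per-code salt.
const hashOtp = (salt, code) =>
  crypto.createHmac('sha256', salt).update(code).digest();

// Creates a 6-digit code for uid. The caller emails the returned code;
// only the salted hash is kept on the server.
function issueOtp(uid, now = Date.now()) {
  const code = crypto.randomInt(0, 1_000_000).toString().padStart(6, '0');
  const salt = crypto.randomBytes(16);
  pending.set(uid, { salt, hash: hashOtp(salt, code), expires: now + OTP_TTL_MS, attempts: 0 });
  return code;
}

// Returns { ok, reason }. Codes are single use, expire, and are discarded
// once the attempt limit is reached, so a 6-digit space cannot be enumerated.
function checkOtp(uid, submitted, now = Date.now()) {
  const rec = pending.get(uid);
  if (!rec) return { ok: false, reason: 'no-pending-code' };
  if (now > rec.expires) { pending.delete(uid); return { ok: false, reason: 'expired' }; }
  if (rec.attempts >= MAX_ATTEMPTS) { pending.delete(uid); return { ok: false, reason: 'too-many-attempts' }; }
  rec.attempts += 1;
  const match = crypto.timingSafeEqual(rec.hash, hashOtp(rec.salt, String(submitted)));
  if (!match) return { ok: false, reason: 'wrong-code' };
  pending.delete(uid);
  return { ok: true, reason: 'verified' };
}

// Only when checkOtp(...).ok is true, in the secure environment:
//   await getAuth().updateUser(uid, { emailVerified: true }); // firebase-admin/auth
```

The client never sets the verified flag itself; it only submits the code, and the server decides.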
My auth flow:
Firebase sendEmailVerification() needs an already authenticated user to work as the first arg.
My auth flow at the moment works like this.
Signing up the user with email and password signUpWithEmailAndPassword()
Now the firebase auth object contains the currentUser
Sending a verification mail to the just signed up user sendEmailVerification()
Logging him out and redirecting him to /email-verification where he can send the verification mail again.
Problem:
Now the problem. When the user wants to request the verification email again, I have three options as far as I know.
Store email and password in state before logging him out -> and then logging him in again on sendAgain and logging him out afterward. Would that be a security concern?
Leave him logged in the whole time. Which doesn't feel too good, as he wouldn't be able to log himself out again, since he officially isn't signed in until he verifies his email.
Force him to input his email and password again every time he wants to send the verification mail again, which feels redundant and old school.
If you require that the user verifies their email address in order to sign in, consider using the email link provider of Firebase Authentication.
Leave him logged in the whole time. Which doesn't feel too good, as he wouldn't be able to log himself out again, since he officially isn't signed in until he verifies his email.
This logic may apply to your application, but it is simply not how the email+password provider in Firebase Authentication works. When the user enters the correct credentials, they are signed in to Firebase Authentication. If your app requires them to have verified their email address before they can use it, that's the exact check I'd recommend implementing.
So if you want to continue using the email+password provider, reframe the statement to:
In order to use the app, the user needs to sign in with their credentials and verify their email address.
You can then implement that in these two steps:
Ask them to sign in if they're not signed in already.
Then if the account doesn't have a verified email address, ask them to find the email and click the link - and give them the option to send another verification email.
I want to send an email verification code (not a link) to users who create an account on my website with email.
Using Firebase Authentication, the method is sendEmailVerification.
The problem is that Firebase sends a verification link to the user's email. Is it possible to send a verification code of 6 numbers to the user's email? If yes, then how can it be done?
Thanks.
Is it possible? Can I send an email verification before I create a user with email and password in Firebase Authentication using Flutter?
I wanted to know this because if I register the entered email and then send the email verification, and the email account is not valid (i.e. the email format is correct, but it is not present in Google's database to send the link to), then it would simply create a record in Firebase Authentication, which is a loss of storage, so I would like to know.
Thank you
There are two providers for signing in with email to Firebase:
Through Email+password. There is no way to require the user to verify their email address before they can sign in with this provider. You can of course prevent users without a verified email address from using the app, and accessing the data.
Through Email link. Here the user gets an email with a sign-in link, so their email address is implicitly verified as part of signing in.
If you want to require the user to verify their email address before they can sign in, it might be best to have them sign in through an email link.
In addition to @Frank's answer, when a user signs up you can send a verification email to them. You can always check if the user has verified their email in your app by checking the isEmailVerified property, as well as in security rules.
Talking of database storage, you can run a scheduled cloud function every midnight to delete data of users who have not verified their email.
You can refer to this answer for a detailed explanation on periodically deleting unverified users.
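The selection logic such a scheduled job needs, as an added example (not code from the answers or the linked one). The 24-hour grace period, function names and sample records are assumptions; `auth` stands for an object with the Admin SDK's listUsers and deleteUsers methods.

```javascript
const GRACE_MS = 24 * 60 * 60 * 1000; // assumed grace period before cleanup

// True only for email+password accounts that are unverified and past the grace
// period. Phone-only and some federated accounts also report
// emailVerified === false, so they are skipped rather than deleted.
function isStaleUnverified(user, now) {
  const created = Date.parse(user.metadata.creationTime); // UTC string in the Admin SDK
  const usesPassword = (user.providerData || []).some(p => p.providerId === 'password');
  return usesPassword && !user.emailVerified &&
    Number.isFinite(created) && now - created > GRACE_MS;
}

const selectStale = (users, now) =>
  users.filter(u => isStaleUnverified(u, now)).map(u => u.uid);

// Body of the scheduled function: page through all users first,
// then delete in batches of at most 1000 uids.
async function purgeUnverified(auth, now = Date.now()) {
  const stale = [];
  let pageToken;
  do {
    const page = await auth.listUsers(1000, pageToken);
    stale.push(...selectStale(page.users, now));
    pageToken = page.pageToken;
  } while (pageToken);
  for (let i = 0; i < stale.length; i += 1000) {
    await auth.deleteUsers(stale.slice(i, i + 1000));
  }
  return stale;
}

// Constructed sample records (not real accounts).
const NOW = Date.parse('2024-01-10T00:00:00Z');
const OLD = { creationTime: 'Mon, 01 Jan 2024 00:00:00 GMT' };
const NEW = { creationTime: 'Tue, 09 Jan 2024 12:00:00 GMT' };
const PW = [{ providerId: 'password' }];
const SAMPLE_USERS = [
  { uid: 'old-unverified', emailVerified: false, providerData: PW, metadata: OLD },
  { uid: 'old-verified', emailVerified: true, providerData: PW, metadata: OLD },
  { uid: 'new-unverified', emailVerified: false, providerData: PW, metadata: NEW },
  { uid: 'phone-only', emailVerified: false, providerData: [{ providerId: 'phone' }], metadata: OLD },
];
```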
I'm making an iOS app where users sign in using email and password. When they enter both (email, password), I want Firebase to send a verification code (not a link) to verify the user before they enter the app, for security purposes. It is something like phoneAuth, but I want it to be email instead. Does Firebase have this ability?
Nope, this is not something that is built into Firebase Authentication's email+password provider.
The simplest way I can think of getting close to this, is using the Admin SDK to generate an email verification link, parse the oobCode/actionCode out of that, and then in the client call applyActionCode to verify the email address (iOS API).
I am creating an app where the user has to sign up with an email and password. I want Firebase to first verify that the email exists and is an email, send a link to the user to verify the email, and after this create the account in Firebase. So how can I do it? Can anyone tell me?
This has been covered quite a few times before, so I'll provide some links below. The bottom line is that the Firebase email+password provider provides no way to require email verification before account creation. The closest it has to that is the email link provider, which sends an email that signs the user into an account (without entering a password).
Some previous questions on the topic:
Verify a user's email address before confirming registration, with Flutter and Firebase
Firebase email verification at SignUp
How to prevent user authentication in Firebase/Vue.js BEFORE email is verified