This question already has answers here:
Is it Possible? sending email verification before a record is created in firebase authentication? [duplicate]
(2 answers)
Verify a user's email address before confirming registration, with Flutter and Firebase
(1 answer)
Closed 1 year ago.
I have a Flutter mobile application which uses the Firebase email authentication. Users register themselves by entering username, password, current country and first and last name. When they register, I create a user document under the users collection which will have email as an id, first, last name, country, notification token. However once they verify their email address then only they can use all the features of the app.
My problem is, some users enters junk email address which does not exists. Due to this, I am ending up with having wrong email address in the Authentication as well as in my Firestore user collection too. Also as these are junk email addresses, they will never be able to verify and login.
Right now I have a Firebase scheduler function that deletes these unverified users (older than 30 days) from the Authentication as well as user collection.
I don't want to create any entry in the Firebase authentication as well as in the users collection until and unless the user verifies their email address. Or is there any other way to achieve this?
Thank you
One solution is to use Email Link authentication: the account will be created when the user completes the process.
Paul Ruiz (Firebaser) has written a complete article detailing how to implement this option: See the "Email Link (Passwordless Sign-In)" section.
FYI, the equivalent doc for the iOS and Android SDKs can be find here and here.
Related
I'm using a Firebase phone auth as primary authentication. Since the phone is vulnerable, I want to link an email address to it that the user can use to access his account to change his phone number in case he lost his phone or got stolen. I can't find a way how to do it.
I saw a method currentUser.linkWithPhoneNumber(). However, reading its documentation, it says it is only supported on web platforms. Is there any other way to make this possible?
When you authenticate a user with a phone number, the only data that you have inside the FirebaseUser object when the authentication completes, are the UID and the phone number. If you need to add an email address to an existing account, you can request the user to provide an email address. Once you have that, you can update the email address using the FirebaseUser#updateEmail(String email) function. As soon as the account is updated, you can add any functionality related to that email address.
Since you didn't specify a programming language, I linked that function to the Android docs, but certainly, you can do the same thing in the case of any other programming languages.
upon further reading, i found Email Link Authentication that answered everything i've asked.
Linking/re-authentication with email link You can also link this method of authentication to an existing user. For example a user previously authenticated with another provider, such as a phone number, can add this method of sign-in to their existing account.
https://firebase.google.com/docs/auth/flutter/email-link-auth
This question already has an answer here:
Verify a user's email address before confirming registration, with Flutter and Firebase
(1 answer)
Closed 1 year ago.
Is it Possible? can I send email verification before I create a user with email and password in Firebase authentication using flutter?
I wanted to know this because if I register the entered mail and then if I send email verification, then if the email account is not valid(i.e the email format is correct, but it is not present in google database to send link to email), then it would simply create a record in Firebase authentication which is a loss of storage, so I would like to know.
Thank you
There are two providers for signing in with email to Firebase:
Through Email+password. There is no way to require the user to verify their email address before they can sign in with this provider. You can of course prevent users without a verified email address from using the app, and accessing the data.
Through Email link. Here the user gets an email with a sign-in link, so their email address is implicitly verified as part of signing in.
If you want to require the user to verify their email address before they can sign in, it might be best to have them sign in through an email link.
In addition to #Frank's answer, when a user signs up you can send verification email to them. You can always check if the user has verified their email in your app by checking the isEmailVerified property as well as in security rules.
Talking of database storage, you can run a scheduled cloud function every midnight to delete data of users who have not verified their email.
You can refer to this answer for a detailed explanation on periodically deleting unverified users.
This question already has answers here:
Firebase authentication email customisation
(4 answers)
Closed 4 years ago.
The community reviewed whether to reopen this question 1 year ago and left it closed:
Original close reason(s) were not resolved
Firebase supports password-less email logins. A user provides their email, and then Firebase emails them a login link.
https://firebase.google.com/docs/auth/web/email-link-auth
However, I don't see any way to change the email text. This is the default:
Sign in to project-XXXX
Hello,
We received a request to sign in to project-XXXX using this email address. If you want to sign in with your XXXX#XXXX.com account, click this link:
Sign in to project-XXXX
If you did not request this link, you can safely ignore this email.
Thanks,
Your project-XXXX team
The Authentication > Templates section of Firebase Console only shows the following options. None of them match the text above:
You cannot, Firebase prevent this in order to avoid being used for spam. If you want to change the email, you need to handle the flow by yourself.
More info/references:
https://stackoverflow.com/a/50077575/5869296
The way Firebase has the message content locked down makes sense to me (I am currently using the Firebase email/password authentication) -or I should say, makes sense for at least specifically for the password reset message.
For the email confirmation message, as #Kayce pointed out, user has to be logged in. I can only imagine that there was some security/spam concern that Firebase folks thought of that I cannot come up with.
If customization was allowed for password reset messages, anyone with an email list that they want to spam can write a simple app, customize the message to whatever they want and have Firebase send that message to any email address that they want to spam (but I understand the question was about email verification emails).
Strangely, they do allow edits of the password reset emails.
This question already has answers here:
How do I return a list of users if I use the Firebase simple username & password authentication
(7 answers)
Closed 6 years ago.
I'm using email/password authentication in Firebase. So every user has an email address. My users are in groups, and I want each user to be able to see all the other users in the group. Specifically, I want to display a list of emails in the frontend to the user. My question is not about how to make rules for that, but rather, how do I get a user's email addresses given a user ID? Note that I'm asking about getting a list of other users, not the currently signed in user.
I haven't found any SO answers showing how to get the email address of another user via auth(). I've seen suggestions to place the email in the /users collection under the user ID, but that seems incredible brittle to me to store the email addresses in both auth() and /users/$userId. Changing email addresses will be a nightmare. So there must be a way to get the emails from auth(), right?
Thanks!
If you want to retrieve the email address of a specific user, you can use the new Firebase Admin SDK.
admin.auth().getUser(uid)
.then(function(userRecord) {
// See the tables below for the contents of userRecord
console.log("Successfully fetched user data:", userRecord.toJSON());
})
.catch(function(error) {
console.log("Error fetching user data:", error);
})
See the documentation on retrieving user data.
As its name implies, the Admin SDK runs with elevated authorization and thus should only be run on trusted hardware, e.g. an application server you control.
As I commented: there is no API to get a list of users.
This question already has answers here:
How do I return a list of users if I use the Firebase simple username & password authentication
(7 answers)
Closed 6 years ago.
I am working on an android app based on Firebase and I am creating registration using authentication of users with their email addresses and passwords with method signInWithEmailAndPassword, I am able register multiple users and also able to see user on Firebase console. But, I want to get the list of all the registered users on Firebase Auth. I can get the current user using FirebaseAuth.getInstance().getCurrentUser(). But, I want to list all the registered users. So, is there anyway I can get the list of registered users?
You can't
The explanation is here How do I return a list of users if I use the Firebase simple username & password authentication
You can instead set the user's uid to users node in your database, I use that node to store other user's information. then you can get the number of childs under that node.