I am creating an app where the user has to sign up with an email and password. I want Firebase to first verify that the email exists and is an email, send a link to the user to verify the email, and only after this create the account in Firebase. So how can I do it? Can anyone tell me?
This has been covered quite a few times before, so I'll provide some links below. The bottom line is that the Firebase email+password provider provides no way to require email verification before account creation. The closest it has to that is the email link provider, which sends an email that signs the user into an account (without entering a password).
Some previous questions on the topic:
Verify a user's email address before confirming registration, with Flutter and Firebase
Firebase email verification at SignUp
How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
more...
I am working on a mobile app, where I already set up the following authentications in firebase:
phone number (OTP)
Google login
Facebook login
Question 1: For users logged in via OTP, I would like to request their email address and ask them to verify it. I don't need a password, because they will still log in with their mobile number; I just want them to verify their chosen email address. How can I do that in Firebase? I know it's possible to ask for verification with email/password login, but I don't need any passwords. Maybe I shall just add a dummy password in the background?
Question 2: Users logged in via Facebook already have an email address that they use to log in. However, I want them to verify their email address. As far as I know, email verification in Firebase is only possible with email/password authentication. How can I do an email verification with Facebook authentication? Or let's say the user can type in any email address (without a password), and I send them a verification email. It is basically the same problem as in 'question 1'.
Question 3: Users logged in via Facebook / Google authentication. How can I verify their phone numbers? I assume I can just simply do an OTP verification and link it to their existing authentication, right?
Thank you,
By default Firebase sends a link to verify the user's email, but I want to send an OTP with that email. So is there a way to customize that email, or to send an OTP and then, once the user has entered the correct code in the app, get Firebase to mark that user account as email verified?
What you're describing is quite literally what the default Firebase flow does: it sends an email with a link that includes an OTP to verify the email address.
You can do a certain amount of customization of the email action handler page that the emails link to. If that is not enough, you will have to implement your own flow, and can then use the Admin SDK in a secure environment to mark the user's email as verified.
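A sketch of the custom flow mentioned in the answer above, as an added example that is not code from the original posts or from Firebase: a backend issues a six-digit code, checks it with an expiry and a guess limit, and only then sets emailVerified through the Admin SDK. The names issueOtp, confirmOtp, store and OTP_HMAC_KEY are hypothetical; auth is assumed to be an Admin SDK Auth instance and uid is assumed to come from an already verified ID token.

```javascript
const crypto = require('node:crypto');

const OTP_TTL_MS = 10 * 60 * 1000; // assumed lifetime: 10 minutes
const MAX_ATTEMPTS = 5;            // assumed guess limit per issued code
// Assumption: a server-side secret; the random fallback only suits a single-process demo.
const OTP_KEY = process.env.OTP_HMAC_KEY || crypto.randomBytes(32);

// Keyed hash, so a leaked store does not reveal the 6-digit codes by brute force.
const macOtp = (uid, otp) =>
  crypto.createHmac('sha256', OTP_KEY).update(`${uid}:${otp}`).digest();

// `store` is a hypothetical Map-like persistence layer (a Map in this example).
function issueOtp(store, uid, email, now = Date.now()) {
  const otp = String(crypto.randomInt(0, 1000000)).padStart(6, '0'); // CSPRNG
  store.set(uid, { email, mac: macOtp(uid, otp), expires: now + OTP_TTL_MS, attempts: 0 });
  return otp; // goes into the email only, never into the API response
}

// `auth` is an Admin SDK Auth instance, e.g. getAuth() from 'firebase-admin/auth'.
async function confirmOtp(auth, store, uid, submitted, now = Date.now()) {
  const rec = store.get(uid);
  if (!rec) return 'no-pending-code';
  if (now > rec.expires || rec.attempts >= MAX_ATTEMPTS) {
    store.delete(uid);
    return 'expired-or-locked';
  }
  rec.attempts += 1;
  if (!crypto.timingSafeEqual(macOtp(uid, String(submitted)), rec.mac)) {
    return 'wrong-code';
  }
  store.delete(uid); // single use
  // The code proves control of rec.email only; refuse if the account's address changed.
  const user = await auth.getUser(uid);
  if (user.email !== rec.email) return 'email-changed';
  await auth.updateUser(uid, { emailVerified: true });
  return 'verified';
}
```

The client's ID token still carries the old email_verified claim until it is refreshed, so the app has to refresh the token after a 'verified' result.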
Is it possible? Can I send an email verification before I create a user with email and password in Firebase Authentication using Flutter?
I wanted to know this because if I register the entered mail and then send the email verification, and the email account is not valid (i.e. the email format is correct, but it is not present in the Google database to send a link to), then it would simply create a record in Firebase Authentication, which is a loss of storage, so I would like to know.
Thank you
There are two providers for signing in with email to Firebase:
Through Email+password. There is no way to require the user to verify their email address before they can sign in with this provider. You can of course prevent users without a verified email address from using the app, and accessing the data.
Through Email link. Here the user gets an email with a sign-in link, so their email address is implicitly verified as part of signing in.
If you want to require the user to verify their email address before they can sign in, it might be best to have them sign in through an email link.
In addition to #Frank's answer, when a user signs up you can send a verification email to them. You can always check if the user has verified their email in your app by checking the isEmailVerified property, as well as in security rules.
Talking of database storage, you can run a scheduled cloud function every midnight to delete data of users who have not verified their email.
You can refer to this answer for a detailed explanation on periodically deleting unverified users.
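One way the periodic cleanup described in the answer above could look, as an added example that is not code from the original posts or the linked answer. It assumes a Node backend using the Admin SDK; purgeUnverified, isStaleUnverified and the 24-hour grace period are hypothetical choices. The provider check matters because phone and anonymous accounts also report emailVerified as false and must not be swept up.

```javascript
const GRACE_MS = 24 * 60 * 60 * 1000; // assumed: 24 hours to click the link

// True only for password accounts that never verified and are past the grace period.
function isStaleUnverified(user, now, graceMs = GRACE_MS) {
  const usesPassword = user.providerData.some((p) => p.providerId === 'password');
  const created = Date.parse(user.metadata.creationTime); // UTC date string
  return usesPassword && !user.emailVerified && now - created > graceMs;
}

// `auth` is an Admin SDK Auth instance. listUsers returns at most 1000 records
// per page and deleteUsers accepts at most 1000 uids per call, so the two
// limits line up and each page can be deleted in one request.
async function purgeUnverified(auth, now = Date.now(), graceMs = GRACE_MS) {
  let deleted = 0;
  let failed = 0;
  let pageToken;
  do {
    const page = await auth.listUsers(1000, pageToken);
    const uids = page.users
      .filter((u) => isStaleUnverified(u, now, graceMs))
      .map((u) => u.uid);
    if (uids.length > 0) {
      const res = await auth.deleteUsers(uids);
      deleted += res.successCount;
      failed += res.failureCount; // res.errors holds the per-uid details
    }
    pageToken = page.pageToken; // undefined on the last page
  } while (pageToken);
  return { deleted, failed };
}
```

Run it from whatever scheduler the backend already has, and log the returned counts so a sudden jump in deletions is visible.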
I'm in the middle of adding firebase email/password sign in inside a React app. Specifically, it's an e-commerce site, and users will be signed in anonymously before they create an account (for things like cart data).
Here's the ideal user flow:
1. User registers by providing an email and password
2. User is not signed in immediately and instead gets a verification email
3. If a user tries signing in before verifying their email, they cannot sign in
4. User then clicks on the verification link and can sign in
I'm having issues with #3 because it appears like the only way to check if an email is verified is by calling:
// Signs the user in first; emailVerified can only be read afterwards.
const { user } = await firebase
  .auth()
  .signInWithEmailAndPassword(email, password);
if (user?.emailVerified) {
  // let them enter the dashboard
}
However, this process signs in the user even if the email is not verified. That destroys the data on the anonymous account. And merging the two accounts isn't possible because the user thinks they are not signed in (hence it could cause UX issues if the accounts are already merged).
Any ideas?
If you're using the email+password provider, there is no way to prevent the user from signing in without a verified email address. You can of course keep them from using your app and accessing data, but you can't keep them from signing in.
If you want to ensure the user can only sign in after their email address has been verified, consider using the email link provider. You can then later allow them to set a password on the same account, either through the Admin SDK, or by creating an email+password account and linking that with the email link account. Also see the documentation on differentiating email/password from email link for some of the nuances here.
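The answers above note that with the email+password provider you cannot block sign-in, only access. An added example (not code from the original posts) of enforcing that on a backend: the ID token is verified with the Admin SDK and the request is refused unless its email_verified claim is true. The function name authorize and the returned shape are hypothetical; auth is assumed to be an Admin SDK Auth instance.

```javascript
// Decide whether a request may reach data, given its Authorization header.
async function authorize(auth, authorizationHeader) {
  const match = /^Bearer (.+)$/.exec(authorizationHeader || '');
  if (!match) return { status: 401, reason: 'missing-token' };

  let claims;
  try {
    // Second argument true: also reject tokens from revoked sessions.
    claims = await auth.verifyIdToken(match[1], true);
  } catch (err) {
    return { status: 401, reason: 'invalid-token' };
  }

  // Anonymous and phone sessions carry no verified email; password sessions
  // carry email_verified=false until the link is clicked AND the client has
  // refreshed its ID token, so a stale token is still refused here.
  if (claims.email_verified !== true) {
    return {
      status: 403,
      reason: 'email-not-verified',
      provider: claims.firebase && claims.firebase.sign_in_provider,
    };
  }
  return { status: 200, uid: claims.uid };
}
```

The check belongs on the server or in security rules; the client-side emailVerified property only controls what the UI shows.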
I'm creating a Flutter app with Firebase.
I've added Google sign-in as one of my auth methods.
But if I register with an email and password, and then sign in via Google with the same email, Firebase will change the provider of the user from email and password to Google, and when you try to log in with email and password, the older password will not be valid any more and you'll have to go through a password reset process.
How can I prevent Firebase from changing the user provider? Or how can I check if this email is already registered in my Firebase project (with the same email, of course)?
Under authentication -> sign in methods
Activate: One account per email address.