I'm developing a Firebase web project where users can sign up and log in via email/password.
Right now, I send a verification email (firebase.auth().currentUser.sendEmailVerification()).
When I receive the email (a few seconds later) and follow the link, I just get this error:
However, my email is still not verified - and there are no further error messages. How can I complete the email verification?
Retrying the procedure gives me a different link each time, but with the same result.
Related
When my app calls linkWithCredential Firebase sends an email titled "Your sign-in email was changed" automatically.
This happens when a user enters an email address different from the current one.
Is there any way to prevent Firebase from sending such email?
I'm trying this with the firebase v9.10.0 npm package.
The message is sent to the user's current email address to alert them to the change of their sign-in method/credentials. There is no way to control whether Firebase sends this email on calling the linkWithCredential API.
I recommend looking at the flow of your code, as wanting to suppress this message typically means that you're doing something unexpected. For example, if you know the user's current email address, it's probably better to detect when they enter a different value before calling the Firebase API, and ask them to confirm the value.
My auth flow:
Firebase sendEmailVerification() needs an already authenticated user to work as the first arg.
My auth flow at the moment works like this.
Signing up the user with email and password signUpWithEmailAndPassword()
Now the firebase auth object contains the currentUser
Sending a verification mail to the just signed up user sendEmailVerification()
Logging him out and redirecting him to /email-verification where he can send the verification mail again.
Problem:
Now the problem: when the user wants to request the verification email again, I have three options as far as I know.
Store email and password in state before logging him out -> and then logging him in again on sendAgain and logging him out afterward. Would that be a security concern?
Leave him logged in the whole time. Which doesn't feel too good, as he wouldn't be able to log himself out again, as he officially isn't signed in till he verifies his email.
Force him to input his email and password again every time he wants to send the verification mail again, which feels redundant and old school.
If you require that the user verifies their email address in order to sign in, consider using the email link provider of Firebase Authentication.
Leave him logged in the whole time. Which doesn't feel too good, as he wouldn't be able to log himself out again, as he officially isn't signed in till he verifies his email.
This logic may apply to your application, but it is simply not how the email+password provider in Firebase Authentication works. When the user enters the correct credentials, they are signed in to Firebase Authentication. If your app requires them to have verified their email address before they can use it, that's the exact check I'd recommend implementing.
So if you want to continue using the email+password provider, reframe the statement to:
In order to use the app, the user needs to sign in with their credentials and verify their email address.
You can then implement that in these two steps:
Ask them to sign in if they're not signed in already.
Then if the account doesn't have a verified email address, ask them to find the email and click the link - and give them the option to send another verification email.
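An added sketch of the two-step flow described in the answer above (not code from the original posts or from Firebase): the user stays signed in, the app checks `emailVerified`, and the verification email is resent through the existing session. `createVerificationGate`, `makeFakeFirebase` and the 60-second resend cooldown are assumptions made for this example; `deps.reload` and `deps.sendEmailVerification` stand in for the `firebase/auth` v9 functions of the same name.

```javascript
// Added example: keep the user signed in, but gate the app on user.emailVerified.
// deps.reload / deps.sendEmailVerification stand in for the functions of the same
// name exported by 'firebase/auth' (v9 modular SDK); injected so this runs offline.
const RESEND_COOLDOWN_MS = 60000; // assumption: app-chosen throttle, not a Firebase setting

function createVerificationGate(deps, now = Date.now) {
  let lastSentAt = null;
  return {
    // Resolves to 'signed-out', 'needs-verification' or 'ok'.
    async check(user) {
      if (!user) return 'signed-out';
      await deps.reload(user); // pick up a verification completed in another tab
      return user.emailVerified ? 'ok' : 'needs-verification';
    },
    // Resend through the live session: no password is stored or asked for again.
    async resend(user) {
      if (!user) return { sent: false, reason: 'signed-out' };
      if (user.emailVerified) return { sent: false, reason: 'already-verified' };
      const wait = lastSentAt === null ? 0 : lastSentAt + RESEND_COOLDOWN_MS - now();
      if (wait > 0) return { sent: false, reason: 'cooldown', retryInMs: wait };
      await deps.sendEmailVerification(user);
      lastSentAt = now();
      return { sent: true };
    },
  };
}

// Constructed stand-ins for Firebase, used only to exercise the gate offline.
function makeFakeFirebase() {
  const sent = [];
  const server = { verified: false }; // flips when the emailed link is followed
  return {
    sent,
    server,
    user: { email: 'user@example.test', emailVerified: false },
    deps: {
      reload: async (u) => { u.emailVerified = server.verified; },
      sendEmailVerification: async (u) => { sent.push(u.email); },
    },
  };
}
```

This check runs in the client, so access to data should also be enforced server-side, for example on the `email_verified` claim of the ID token in security rules or backend code.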
I have built an app that uses email & password authentication from Firebase, to enable users to log in, as per the Firebase documentation. The app itself uses Flutter as the coding language. I also have email verification enabled, to prevent spam accounts.
When a user adds their email address and password and clicks 'submit', they're given a notification telling them to check their emails for the verification link, which they must do before being allowed to log in.
The problem I am having is that users do not receive the verification email, so cannot log in. I've come across similar questions on this forum, where the answers have centred around checking spam/junk folders. I have asked the users to do this but they still have not received the email.
I've also tried using my own SMTP server, which is one from which I know I can send emails. Even with this, the users do not receive their verification email. This makes me think the emails aren't being generated/sent, as opposed to them being sent and not being received.
Can anyone suggest why this might be the case? Why is it that users are not receiving the verification email and what can I do to correct this?
If you don't use a custom domain, emails sometimes go into the spam folder.
Even if the OTP is correct, it shows this error when I enter the verification code:
The SMS code has expired. Please re-send the verification code to try again
I tried deleting the phone number in the test account.
I tried deleting the SHA-1 key or SHA-256 key and re-entering it in the Firebase console.
I tried refreshing the JSON file with a new file.
Or, when I try to log in a second time, I am not getting any SMS code for the same number on the same device.
how to resend OTP on request from the number and ?
I added Firebase Phone Authenticate to my mobile app. Standard flow:
input phone number
wait for the verification code
get the verification code
put the verification code
Sometimes the user has a broken flow (the SMS does not arrive):
input phone number
did not wait for the verification code
click "resend verification code"
get first (stale) verification code
input the first verification code
get an error message (verification code is invalid)
In the second scenario, the user could avoid the problem if, after clicking, they got the same verification code. Does Firebase have certain settings for this? (Although this somewhat reduces the security of authorization over the phone.) With the JavaScript API, is there a way to 'resend' the same verification code?
You can try adding a timer after they click to send the SMS code, which would wait for some time (15 seconds) before allowing the user to resend the code. FirebaseUI uses that mechanism to take into account SMS delays.
On the other hand, this shouldn't be a problem; Firebase Auth will resend the same code for the same session within a short period of time apart. So if the user enters an older code (a code from successive attempts), it will still work.