I created a user via the console and inside my client (iOS App) I require the user to have their email verified before they can use it.
However the test user does not have a valid email (it does not exist).
The email is testing#project-name.com.
Is there any way I can set the account as "verified email"? I don't find anything in the console, is it possible to set this status on a user (maybe in a onCreate auth trigger?)?
Thank you
There is no option in the Firebase Console to set the emailVerified state of a user. So you'll have to do it in code.
The easiest way to do this is through the Firebase Admin SDK, which is available for Node.js, Java, Python and Go. In Node.js it's as simple as:
admin.auth().updateUser(uid, { emailVerified: true })
You can find the user's UID in the Firebase console.
adding for laravel-firebase SDK:
app('firebase.auth')->updateUser($uid, [ 'emailVerified' => true ]);
Related
I have ignored the email/password sign up process and the necessary email verification for a long time and only used the very basic functionality to get started and build on top of that. But now I reached the point where I cannot avoid to use a more production-grade email/password sign up process. Currently I am using these Firebase services: Authentication (email/password only), Firestore and Cloud Functions with a react-native application.
When a user signed up successfully (signed in but without an verified email!) the react native application won't offer functionality until the user has verified his/her email. Right after the sign up the client will send an email with an verification link (through the default firebase server), the user can verify his/her email by clicking the link.
The issue: How to react suitable to a change of emailVerified or any other event which fires if the email got verified?
I have now searched the whole day for a working solution. These are my approaches:
Use your own website to which all verification links are linked (tried this but did not work at my first attempt)
use actionCodeSettings in the email verification link to redirect the user and let the client reload its components
Use Cloud Messaging and inform the client about changes to the email verification status
call a Cloud Function (from an external server) which updates a tmp document in Firestore to which the client subscribed
reload()/loop
I am thankful for all comments, helpful links etc.!
There is a method in the Firebase SDK: isEmailVerified() which tells if the user has verified the email or not.
For react native, I found straightforward documentation: Email Verified. On the launch of the app, you can check if the user has verified the email or not and then make changes accordingly!
Happy Coding!
I'm using the Firebase SDK on a React Native app. I'm authenticating users with onAuthStateChanged - works great.
If it doesn't return a user, they can sign up using their phone number.
For that I use the following on submitting the phone activation code:
...
const credential = firebase.auth.PhoneAuthProvider.credential(
verificationId,
verificationCode
);
await firebase.auth().signInWithCredential(credential).then((response) => {// creating a record on firestore. onAuthStateChanged will be re-triggered and store the user and token in state});
...
I would also like to set custom claims for the user. How do I do that? I cannot use admin SDK since this is the frontend and I also don't want to. I could fire a call to my graphQL to do it, but there is probably a way to add a custom claim in the flow above. How?
There is no supported way to modify custom claims from within a client app. Since custom claims are normally used to give special secure authorizations, it obviously be a security hole to allow user to assign claims to themselves. That's why it's recommended to use the Admin SDK on a secure backend you control.
Custom claims can only be set from a trusted environment. Otherwise anyone could make any claim they want about themselves, which defeats their purpose of securely adding information to a user profile.
Every year i want my Firebase users to verify their account-email again, to check that their Email address are still in use.
To test this i sent a new verification email to my (already verified) account. The mail was sent, but this did not set my .isEmailVerified to false, also after reloading the currentUser and the app.
Does anyone know if it´s possible to set the .isEmailVerified to false, once it is true at all, and if so how to do it?
Sending a verification email does not set the emailVerified property to false. That is the expected and intended behavior.
If you want to set the emailVerified property of a user to false, you can do so with the Firebase Admin SDK. For example, in Node.js it would be:
admin.auth().updateUser(uid, {
emailVerified: false
})
For more examples (including in other languages) see the Firebase documentation on updating a user profile.
Note that the Admin SDK has full administrative access to your Firebase project, so should only be run from a trusted environment, such as your development machine, a server you control, or Cloud Functions for Firebase. In no instance should you try to put this functionality in the app you give to your uses, as doing so will give them administrative access to your Firebase project.
In my Firebase application users can remove their accounts. I want to do the same thing which Google do when you're trying to remove your account: ask the user's password once more.
Is it possible to invoke this dialog using Firebase Auth API? Or in some other way?
You can ask the user to reauthenticate. This is actually common practice for certain sensitive operations like deleting a Firebase user, updating a password or email. You would reauthenticate and check the auth_time in the new ID token is recent.
So to reauthenticate with email/password in JS:
firebase.auth().currentUser.reauthenticateWithCredential(firebase.auth.EmailAuthProvider.credential(email, password))...
If you want to reauthenticate with a Google provider:
var customParams = {login_hint: firebase.auth().currentUser.email, prompt: 'consent'};
firebase.auth().currentUser.reauthenticateWithPopup(new firebase.auth.GoogleAuthProvider().setCustomParameters(customParams))...
I'm can currently succesfully use Firebase admin node sdk to createCustomToken. I know I can pass the token back to the client and using signInWithCustomToken sign in a user and het the UID. However, I am using custom authentication is the first place is because I'm creating sub-users with limited permissions that adminUser allows. I was hoping to use setCustomUserClaims to attach some data to the sub-users so I can show the correct sub-user ui and set correct security rules in database. However I can't seem to figure out how I can set the customClaims beacuse I don't have the sub-user UID until I call signInWithCustomToken on the client. What is the process to do this correctly?
Code I was hoping to run right after creating a customToken for a subUser
admin.auth().setCustomUserClaims(uid, {subUser: true, viewPermisson: true}).then(() => {
});