Firebase supports password-less email logins. A user provides their email, and then Firebase emails them a login link.
https://firebase.google.com/docs/auth/web/email-link-auth
However, I don't see any way to change the email text. This is the default:
Sign in to project-XXXX
Hello,
We received a request to sign in to project-XXXX using this email address. If you want to sign in with your XXXX@XXXX.com account, click this link:
Sign in to project-XXXX
If you did not request this link, you can safely ignore this email.
Thanks,
Your project-XXXX team
The Authentication > Templates section of Firebase Console only shows the following options. None of them match the text above:
You cannot; Firebase prevents this in order to avoid being used for spam. If you want to change the email, you need to handle the flow yourself.
More info/references:
https://stackoverflow.com/a/50077575/5869296
The way Firebase has the message content locked down makes sense to me (I am currently using the Firebase email/password authentication), or I should say, makes sense at least specifically for the password reset message.
For the email confirmation message, as @Kayce pointed out, the user has to be logged in. I can only imagine that there was some security/spam concern that Firebase folks thought of that I cannot come up with.
If customization was allowed for password reset messages, anyone with an email list that they want to spam can write a simple app, customize the message to whatever they want and have Firebase send that message to any email address that they want to spam (but I understand the question was about email verification emails).
Strangely, they do allow edits of the password reset emails.
I'm using Firebase phone auth as primary authentication. Since the phone is vulnerable, I want to link an email address to it that the user can use to access his account to change his phone number in case he loses his phone or it gets stolen. I can't find a way to do it.
I saw a method currentUser.linkWithPhoneNumber(). However, reading its documentation, it says it is only supported on web platforms. Is there any other way to make this possible?
When you authenticate a user with a phone number, the only data that you have inside the FirebaseUser object when the authentication completes, are the UID and the phone number. If you need to add an email address to an existing account, you can request the user to provide an email address. Once you have that, you can update the email address using the FirebaseUser#updateEmail(String email) function. As soon as the account is updated, you can add any functionality related to that email address.
Since you didn't specify a programming language, I linked that function to the Android docs, but certainly, you can do the same thing in the case of any other programming languages.
Upon further reading, I found Email Link Authentication, which answered everything I asked.
Linking/re-authentication with email link
You can also link this method of authentication to an existing user. For example a user previously authenticated with another provider, such as a phone number, can add this method of sign-in to their existing account.
https://firebase.google.com/docs/auth/flutter/email-link-auth
I have built an app that uses email & password authentication from Firebase, to enable users to log in, as per the Firebase documentation. The app itself uses Flutter as the coding language. I also have email verification enabled, to prevent spam accounts.
When a user adds their email address and password and clicks 'submit', they're given a notification telling them to check their emails for the verification link, which they must do before being allowed to log in.
The problem I am having is that users do not receive the verification email, so cannot log in. I've come across similar questions on this forum, where the answers have centred around checking spam/junk folders. I have asked the users to do this but they still have not received the email.
I've also tried using my own SMTP server, which is one from which I know I can send emails. Even with this, the users do not receive their verification email. This makes me think the emails aren't being generated/sent, as opposed to them being sent and not being received.
Can anyone suggest why this might be the case? Why is it that users are not receiving the verification email and what can I do to correct this?
If you don't use a custom domain, sometimes emails go into the spam folder.
Is it possible? Can I send email verification before I create a user with email and password in Firebase authentication using Flutter?
I wanted to know this because if I register the entered email and then send email verification, and the email account is not valid (i.e. the email format is correct, but it is not present in the Google database to send the link to), then it would simply create a record in Firebase authentication, which is a loss of storage, so I would like to know.
Thank you
There are two providers for signing in with email to Firebase:
Through Email+password. There is no way to require the user to verify their email address before they can sign in with this provider. You can of course prevent users without a verified email address from using the app, and accessing the data.
Through Email link. Here the user gets an email with a sign-in link, so their email address is implicitly verified as part of signing in.
If you want to require the user to verify their email address before they can sign in, it might be best to have them sign in through an email link.
In addition to @Frank's answer, when a user signs up you can send a verification email to them. You can always check if the user has verified their email in your app by checking the isEmailVerified property as well as in security rules.
Talking of database storage, you can run a scheduled cloud function every midnight to delete data of users who have not verified their email.
You can refer to this answer for a detailed explanation on periodically deleting unverified users.
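A sketch of the cleanup logic such a scheduled function could run, added here as an example and not taken from any of the posts. The `auth` argument is assumed to behave like the Firebase Admin SDK's Auth object (`listUsers`, `deleteUsers`); the 30-day default and the sample records are constructed for illustration. It skips accounts without a password provider, because phone-only users always report an unverified email and would otherwise be deleted.

```javascript
// Added example (not from the original posts). `auth` is assumed to expose
// listUsers/deleteUsers like the Firebase Admin SDK's Auth object.
const DAY_MS = 24 * 60 * 60 * 1000;

// Pick uids to purge: password accounts, email never verified, older than maxAgeDays.
function selectStaleUnverified(users, nowMs, maxAgeDays = 30) {
  const cutoff = nowMs - maxAgeDays * DAY_MS;
  return users.filter((u) => {
    const providers = (u.providerData || []).map((p) => p.providerId);
    // Phone- or OAuth-only accounts have no email to verify; leave them alone.
    if (!providers.includes('password') || u.emailVerified) return false;
    const created = Date.parse(u.metadata.creationTime);
    // Unparseable timestamp: keep the account rather than guess.
    return Number.isFinite(created) && created < cutoff;
  }).map((u) => u.uid);
}

// Page through every account first, then delete in batches of at most 1000.
async function purgeUnverified(auth, nowMs = Date.now(), maxAgeDays = 30) {
  const stale = [];
  let pageToken;
  do {
    const page = await auth.listUsers(1000, pageToken);
    stale.push(...selectStaleUnverified(page.users, nowMs, maxAgeDays));
    pageToken = page.pageToken;
  } while (pageToken);
  let deleted = 0;
  for (let i = 0; i < stale.length; i += 1000) {
    const res = await auth.deleteUsers(stale.slice(i, i + 1000));
    deleted += res.successCount;
  }
  return deleted;
}

// Constructed sample records, shaped like Admin SDK UserRecord objects.
const NOW = Date.parse('Fri, 01 Mar 2024 00:00:00 GMT');
const user = (uid, providerId, emailVerified, creationTime) =>
  ({ uid, emailVerified, providerData: [{ providerId }], metadata: { creationTime } });
const SAMPLE_USERS = [
  user('a', 'password', false, 'Mon, 01 Jan 2024 00:00:00 GMT'), // stale junk signup
  user('b', 'password', true, 'Mon, 01 Jan 2024 00:00:00 GMT'),  // verified
  user('c', 'phone', false, 'Mon, 01 Jan 2024 00:00:00 GMT'),    // phone-only
  user('d', 'password', false, 'Tue, 20 Feb 2024 00:00:00 GMT'), // still in grace period
];
console.log(selectStaleUnverified(SAMPLE_USERS, NOW)); // [ 'a' ]
```

In a deployed function, `auth` would be the Admin SDK's Auth instance, and any per-user Firestore documents would need deleting alongside the accounts.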
I have a Flutter mobile application which uses the Firebase email authentication. Users register themselves by entering username, password, current country and first and last name. When they register, I create a user document under the users collection which will have email as an id, first, last name, country, notification token. However, only once they verify their email address can they use all the features of the app.
My problem is, some users enter junk email addresses which do not exist. Due to this, I am ending up with wrong email addresses in the Authentication as well as in my Firestore user collection too. Also, as these are junk email addresses, they will never be able to verify and log in.
Right now I have a Firebase scheduler function that deletes these unverified users (older than 30 days) from the Authentication as well as user collection.
I don't want to create any entry in the Firebase authentication as well as in the users collection until and unless the user verifies their email address. Or is there any other way to achieve this?
Thank you
One solution is to use Email Link authentication: the account will be created when the user completes the process.
Paul Ruiz (Firebaser) has written a complete article detailing how to implement this option: See the "Email Link (Passwordless Sign-In)" section.
FYI, the equivalent doc for the iOS and Android SDKs can be found here and here.
I have my firebase authentication set to prevent multiple accounts for the same email, but it doesn't seem to be doing that. See following pictures:
Has anybody experienced this issue before?
Edit: Here are the details for reproducing this bug:
Pretty much the problem boils down to the updateEmail() function.
When a user signs up for my app I want to ensure I have an email for the user so searching for that user is easier. The problem is Facebook authentication doesn't ensure the user has an email for the following two reasons:
The user could have not allowed email permissions.
The user could have created their Facebook account only using a phone number.
Because of this, my login code is somewhat complex but here's a link to my code with comments to explain everything (Note that I'm using custom Facebook/Google buttons which is why I had to manually do some stuff): Login Gist
If you look at the func getFBUserData() and see the comments above it, the bug is happening in the Case 1's first bullet point:
// 1) user's facebook does have email. This is common case
// - in this case, sign them into Firebase
// - could be that they previously didn't have email but now they do, so update Firebase user's email
This is the edge case where for some reason a user first didn't allow email permissions, then changed their minds and allowed them. What's interesting is that the code will still throw the .errorCodeEmailAlreadyInUse error, but the account will show up in the Firebase console as seen in the picture in the SO question and the following which I just did: http://imgur.com/yMjYXgH