DeepLinks URL with firebase email verification. In firebase Console

I am trying to customize the email verification template of Firebase in such a way that when the user subscribes, the email verification is sent to him, and when he clicks on the verification link, the app is opened and it handles the end of the verification process. I am using Firebase for my backend. When I change the default verification URL to this:
myappname://PageName?mode=<action>&oobCode=<code>
Firebase generates an error and the modifications are not saved.

Custom schemes are not supported for email verification. Firebase Auth uses FDL (Firebase Dynamic Links) to send verification links directly to a mobile application. These use more secure mechanisms for app redirects, including universal links in iOS, Android verified links, Google Play verified links, etc. Please use these, as they are more secure than custom schemes, which anyone can claim and which are particularly vulnerable in Android, which is not as regulated as Apple via the app store review process.
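One way an app can check an incoming verification link before using its code, written as an added example (not code from the question or the answer). It assumes example.com is the app's verified link domain and /onboard its only accepted path, and it unwraps the `?link=` wrapper form that a later question on this page shows; the mode allowlist and the oobCode pattern are assumptions as well.

```javascript
// Added example. Assumptions: example.com is the app's verified link domain and
// /onboard is the only path the app should handle.
const ALLOWED_HOSTS = new Set(["example.com"]);
const ALLOWED_PATH = "/onboard";
const ALLOWED_MODES = new Set(["verifyEmail", "signIn"]);

function reject(reason) {
  return { ok: false, reason };
}

// Returns { ok: true, mode, oobCode } only for an https link on an allowed host.
// A wrapper of the form ?link=<encoded inner URL> is unwrapped once, and the
// inner URL is held to the same scheme and host checks.
function parseActionLink(raw, depth = 0) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return reject("not a URL");
  }
  if (url.protocol !== "https:") return reject("scheme not https");
  if (!ALLOWED_HOSTS.has(url.hostname)) return reject("host not allowed");

  const inner = url.searchParams.get("link");
  if (inner !== null) {
    if (depth > 0) return reject("nested link");
    return parseActionLink(inner, depth + 1);
  }

  const p = url.pathname;
  if (p !== ALLOWED_PATH && !p.startsWith(ALLOWED_PATH + "/")) return reject("path not allowed");
  const mode = url.searchParams.get("mode");
  const oobCode = url.searchParams.get("oobCode");
  if (!ALLOWED_MODES.has(mode)) return reject("unexpected mode");
  // The code is opaque; assumption: URL-safe alphabet, bounded length.
  if (!oobCode || !/^[A-Za-z0-9_-]{1,512}$/.test(oobCode)) return reject("bad oobCode");
  return { ok: true, mode, oobCode };
}

// Constructed sample links (not real codes or keys).
const INNER = "https://example.com/onboard?apiKey=fake-key&mode=verifyEmail&oobCode=AbC-123_x";
const SAMPLES = {
  wrapped: "https://example.com/?link=" + encodeURIComponent(INNER),
  customScheme: "myappname://PageName?mode=verifyEmail&oobCode=AbC-123_x",
  foreignInner: "https://example.com/?link=" +
    encodeURIComponent("https://other.invalid/onboard?mode=verifyEmail&oobCode=AbC-123_x"),
};
for (const [name, link] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(parseActionLink(link)));
}
```

Only a result with `ok: true` should have its `oobCode` passed on to the auth SDK; everything else is dropped without further processing.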

Related

Firebase Mobile App Authentication with Email Verification or an extra security measure such as reCAPTCHA?

When using Firebase Authentication for Mobile Apps, is it possible to use an email verification to check the deliverability of the email addresses we are collecting?
How safe is it to sign in or up a user with an unchecked email address as given in the official FB docs https://firebase.google.com/docs/auth/flutter/password-auth ?
Would it be a good idea to use reCAPTCHA to protect the app from spam and abuse?

Firebase Passwordless Email Verification Link does not use Specified Custom Domain and Path

I am currently using Firebase passwordless email verification for authentication to deep link from the email verification link to my iOS app. I would like the verification link to have the form https://example.com/onboard/<otherparams>. This would allow me to specify in the apple-app-site-association file that links that contain /onboard/* should link to my app while others should not.
Unfortunately, even when I use https://example.com/onboard in the "Action URL" field of the email template on the Firebase console, the verification link emailed to the user is in the form https://example.com/?link=https://example.com/onboard?apiKey.... I'm able to get the authentication working when I specify in the apple-app-site-association file that links that contain /* should open the app. However, this is an issue because I don't want other links to my domain (such as https://example.com/terms) to open my app.
What is causing Firebase to not create the verification link in the form https://example.com/onboard/<otherparams>?

How to view the confirmation email sent from Firebase auth emulator (web) on localhost?

I'm running a Next.js app on localhost port 3000. With Firebase email/password signup, I use auth().currentUser.sendEmailVerification(); to send an email with the Firebase auth emulator running. During development on localhost I'd like to be able to intercept, view the email and click the redirect link.
I've been using MailDev with Nodemailer on the Node.js backend to intercept emails sent from the backend, but I've been unable to find how to do something similar with these Firebase emails, such as sending them to MailDev, which is receiving email on localhost:1025.
The emulators don't actually send an email for the verification, but instead print a URL on the console that you can open to verify the email. See the documentation on Emulated email, email link and anonymous authentication.
The only way to get the verification emails is to test against the actual project, and not in the emulator suite.
There is another way, more automated:
Here is the auth log output for a new user within the Emulator:
Then, based on this documentation, you can fetch the oobCodes (out-of-band codes) with the REST API:
Also documentation described here
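A sketch of the automated route described in the answer above, written as an added example (not the answerer's code). It assumes the Auth emulator listens on its default port 9099 and uses the placeholder project id `demo-project`; the response body is a constructed sample in the shape the emulator's `oobCodes` endpoint returns.

```javascript
// Added example. Assumptions: Auth emulator on its default port 9099;
// "demo-project" is a placeholder project id.
const EMULATOR_HOSTS = new Set(["127.0.0.1:9099", "localhost:9099"]);
const PROJECT_ID = "demo-project";

// Fetch every pending out-of-band code from the emulator (needs it running).
async function fetchOobCodes(host = "127.0.0.1:9099") {
  const res = await fetch(`http://${host}/emulator/v1/projects/${PROJECT_ID}/oobCodes`);
  if (!res.ok) throw new Error(`emulator returned HTTP ${res.status}`);
  return res.json();
}

// Pick the newest link of one request type for one address.
// Assumption: entries are listed in creation order, so the last match is newest.
function latestOobLink(body, email, requestType = "VERIFY_EMAIL") {
  const codes = Array.isArray(body && body.oobCodes) ? body.oobCodes : [];
  const matches = codes.filter((c) => c.email === email && c.requestType === requestType);
  if (matches.length === 0) return null;
  const link = matches[matches.length - 1].oobLink;
  // A test helper should only ever follow links that point back at the emulator.
  let host;
  try {
    host = new URL(link).host;
  } catch {
    return null;
  }
  return EMULATOR_HOSTS.has(host) ? link : null;
}

// Constructed sample response (fake codes and API key).
const BASE = "http://127.0.0.1:9099/emulator/action?lang=en&apiKey=fake-api-key";
const SAMPLE_RESPONSE = {
  oobCodes: [
    { email: "alice@example.com", requestType: "VERIFY_EMAIL", oobCode: "code-1",
      oobLink: `${BASE}&mode=verifyEmail&oobCode=code-1` },
    { email: "bob@example.com", requestType: "PASSWORD_RESET", oobCode: "code-2",
      oobLink: `${BASE}&mode=resetPassword&oobCode=code-2` },
    { email: "alice@example.com", requestType: "VERIFY_EMAIL", oobCode: "code-3",
      oobLink: `${BASE}&mode=verifyEmail&oobCode=code-3` },
  ],
};

console.log(latestOobLink(SAMPLE_RESPONSE, "alice@example.com"));
```

Against a running emulator, `latestOobLink(await fetchOobCodes(), email)` gives the link an end-to-end test can open in place of clicking an email.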

Firebase Auth – State Update on emailVerified

I have ignored the email/password sign up process and the necessary email verification for a long time and only used the very basic functionality to get started and build on top of that. But now I have reached the point where I cannot avoid using a more production-grade email/password sign up process. Currently I am using these Firebase services: Authentication (email/password only), Firestore and Cloud Functions with a react-native application.
When a user has signed up successfully (signed in but without a verified email!), the react native application won't offer functionality until the user has verified his/her email. Right after the sign up the client will send an email with a verification link (through the default firebase server); the user can verify his/her email by clicking the link.
The issue: How to react suitably to a change of emailVerified or any other event which fires if the email got verified?
I have now searched the whole day for a working solution. These are my approaches:
Use your own website to which all verification links are linked (tried this but did not work at my first attempt)
Use actionCodeSettings in the email verification link to redirect the user and let the client reload its components
Use Cloud Messaging and inform the client about changes to the email verification status
Call a Cloud Function (from an external server) which updates a tmp document in Firestore to which the client subscribed
reload()/loop
I am thankful for all comments, helpful links etc.!
There is a method in the Firebase SDK: isEmailVerified() which tells if the user has verified the email or not.
For react native, I found straightforward documentation: Email Verified. On the launch of the app, you can check if the user has verified the email or not and then make changes accordingly!
Happy Coding!

How to send email-link authentication emails from backend using firebase-auth infrastructure

Firebase auth clients can automatically send an email to a user when they try to sign in using password-less signin. For example, all you have to do in the android client is auth.sendSignInLinkToEmail(email, actionCodeSettings) and the firebase servers take care of everything. That means that there's already an email template, SMTP configuration, etc. to be able to send that email.
How can one tap into that infrastructure but from a backend? All I find in the admin sdk is how to generate the sign-in link, but that would force one to set up a service to send the email, deal with templates and localization and other things that give you extra flexibility but that are not necessary if the existing mechanism works well for you.
