UPDATE: it just randomly started working for me now...is there a period of time after updating an email that it is ineligible for new account creation?
I was able to use this API call provided by firebase to change emails for an account, but now I cannot use the other email to create a new count. I cannot reuse the other email at all. It seems like there is still a lock or hold on the old email.
https://firebase.google.com/docs/reference/js/firebase.User#updateEmail
Steps to reproduce error
signup with original#email.com
update account email to new#email.com (and click verification link sent via email)
cannot create a new account (nor re-update existing account) with original#email.com
I am simply looking to free up the email that is no longer in use. (original#email.com)
Note in image below that 'original#email.com' does not show up
This is a security related behavior. The old email is reserved just in case the owner of the email decides to revert to the old account by clicking the email change revocation link which is sent to the old email. This gives the owner of the account the ability to recover their account in case it was hijacked and the attacker tried to change their email.
Related
In a Firebase project, I have activated multiple sign-in methods (e-mail, Google, and Microsoft), which all work fine. I also have it activated to only allow one account per e-mail address.
The problem arises when a user successfully signs in via Google or Microsoft, then signs out and then signs in via e-mail, using the same e-mail address as before using Google or Microsoft. Then his account type changes to e-Mail and it seems like a no way back.
Is there a way to change user account types from e-mail back to Microsoft or Google?
Your code must have different functions written for different signin's. When the user first logs in, store his login method on firestore. You can get this from the signin function triggered or simply by the button user clicked. Then during each login add a check that if user exists and user's current signin method is not the same as the one stored on firestore, notify the user to use the correct one.
Or you can let the user signin using whatever they please but ultimately in your code, the function which is triggered will tell you the current signin method and you'd have the first/previous method stored. So you can do stuff accordingly.
What you are writing in question seams not how it works. When you sign in using Google provider your email is verified automatly and if you try to sign in using same email authentication will throw error that account with that email allredy exists.
If you created first account using email and password and didn't verify your email addres then if you sign in using google provider with same email address in it, email and password provider will gone because of was not verified and you wont be able to login using email end password unless you will setup a new password for this email.
If email was verified and you sign in using google provider with same email address. This provider will be added to providers array and you will be able to login using email and password and google provider.
To add multiple providers to your accaunt you can use linkWithPopup() function. If you created accound with diferent email address and want to be able to log in on this account with provider who has diferent email address for example.
I am creating a messenger app. In order to register a new user what I want is to get email and password from the user and before creating the account I want to verify the email provided by the user.
But the problem with firebase email verification is that you have to create account/user first then you can send the email verification link to the user.
Now this can lead to major problem: Suppose if some fake user used my email and created account but failed to verify email. But still he manages to create an account with my email.
So if later I will try to register my self to the app then I am firebase is going to show me Email already used.
To solve this issue I want to delete account created if user fails to verify his email just after he tried to register himself.
To do this I created an email verification screen which is pushed as soon as new user register through his email and password. Now here app will be waiting for user to verify his/her email by clicking the link send by firebase. I have also provided a cancel verification button. So if user cancel the verification I am just deleting the account which was already created. I am also handling if user press back key without verifying email which will also delete the user account.
Main Problem: Now the the last thing I need to handle is if user force quit the app. In order to handle this I tried to delete the account in dispose method as well as I used WidgetsBindingObserver. But both of them doesn't work for me.
Please help me to solve this!
The idea of email Link verification was created to solve this problem. Instead of creating an account and then verifying the email after, the account is just directly created from your email. So obviously you must have access to the email to create the account. See https://firebase.flutter.dev/docs/auth/usage/#email-link-authentication for details on how to implement this style of link authentication.
A similar discussion of how to handle quitting the app is occurring here How to execute code before app exit flutter . However abrupt quits from an app whether done by the user or the system are hard to handle by nature.
I wouldn't recommend deleting the account when quitting/ closing etc. the app since it is something legitimate users may do before confirming their email (especially if the email is delayed in being sent for whatever reason). This will cause a lot of frustration.
You could setup a Cloud Http Task to trigger the deletion of that account after a certain time (e.g. a few hours) of the account not being registered.
If they do register in time, you can cancel the task before it runs.
When updating user's email using admin.auth().updateUser({email: newEmail}) the user's email gets updated (as an authentication provider). But whenever I refresh the page, the user gets logout.
Is there a way I can prevent that from happening and keeping the user logged in after its email gets updated?
Firebase treats the email address as its primary way of finding the account for a user when you don't (yet) have their UID. For that reason the email address is considered sensitive information, and changing it requires that the user reauthenticates before they can continue to use the app.
The Admin SDK documentation doesn't explicitly mention this as far as I can see, but you sort'of derive it from the documentation on setting a user's email address.
Would anyone know how we could implement the following with Firebase auth. Docs/searches haven't produced a good answer yet. So the use case is as follows:
User comes to a site to buy something. We allow them to buy without any sign-up barrier and on checkout, just ask them for their email. An anonymous user is created and their purchase is sent to their email provided.
With that email, we'd like to set up a passwordless account for them so that the user can log in later just with their email and see items bought in their dashboard. For that the anon uid recorded with the purchase needs to be associated with the email.
So the question is how to achieve that an anon account upgraded to a registered account with the email provided.
We've tried inserting a passwordless sign-in link sending at the point of the purchase, but it just created a new account with a new id, which is not what's needed. We need the uid to stay the same as the anon user's so that we can simply connect their purchases to the newly email-authenticated account. Perhaps, there is a way of associating an anon uid with an email before sending that passwordless signin link?
Hope this makes sense, but please do ask if anything is unclear.
To create a Credential object from an email link, you can use the EmailAuthProvider.credentialWithLink method. You can then use this credentials object to upgrade your anonymous account.
Also see: Deleting User account with using Passwordless Authentication?
I use createUserWithEmailAndPassword(string, string) in flutter, but I noticed if the user used a fake email address, like making us some random Gmail or yahoo account that doesn't exist, the user would still be registered, is there a solution to this
Or some logic that checks if the email account is real, then I can use the result in an if else statement to create the account
If you are looking for a solution that doesn't involve blocking the user experience, you'll be disappointed. We could come up with a new solution for checking whether an email exists or not, but this doesn't guarantee you anything. The user may use an existing email that doesn't belong to him/her.
The best you can do is send a verification email to your user, which is supported by Firebase. However, the user experience is going to be blocked until the user verifies the email.
Update
Check here how to send the user the verification email and here how to see if the email has been verified.