Reputation: 71
Disable changing email in Firebase
Firebase allows users to change their email client side with
firebase.auth().currentUser.updateEmail("[email protected]")
However, I would like to disable this feature entirely - obviously, I offer no way to access it on my app by default, but if an attacker managed to trick the user into install a Chrome extension or otherwise was able to access client credentials, I would always want it to fail if possible.
Is there anywhere on the Firebase auth console where I can change this functionality or a Cloud function that would stop users from changing their email?
Upvotes: 7
Views: 666
Answers (1)
Reputation: 56
At this moment in time, I do not see anything in the console or otherwise to disable this functionality. As it stands, there are only two Cloud Functions available for Firebase Auth events - user creation and deletion, so that would probably not be applicable to this use case either. The only thing I can think of is to just use the Admin SDK and your own API / backend to facilitate custom authentication for this scenario.
Upvotes: 0
Related Questions
- How to disable account creation in firebase authentication
- How can I prevent Firebase auth users from changing their email address by themselves?
- Firebase prevent leaking existence of email account
- Prevent user account creation with sign in by email in firestore
- How to disallow disposable email in firebase auth email provider signup?
- I don't want to Re-authenticate a user if he change password for his account in firebase email password authentication
- Firebase user changes email or phone number
- Firebase is converting Email Provider accounts to other provider accounts
- Firebase auth how to prevent user from giving non existing email id on signup
- Change email of a user with Firebase simple login