Reputation: 1702
Forget password for Firebase Authentication with invalid email address
Firebase's email/password signup doesn't check if an email is valid - user can create an account with an email like [email protected] even if that email doesn't exist on google.
The issue is that if, a user forgets their password and we send a password reset email to that invalid email, the user wont be able to reset their password.
How to get around this issue?
Upvotes: 0
Views: 220
Answers (1)
Reputation: 599101
If you stick to using email+password authentication, there isn't really a good way to handle the scenario. Technically, you can change the password through the Admin SDK. But the problem is that you have no way to verify that the user is really the owner of the account, so you might be handing the new password to a malicious user.
If you want the user to only be able to sign in after their email address has been verified, consider using email link authentication.
Upvotes: 1
Related Questions
- Firebase email/password authentication - how to require email verification?
- Firebase not sending reset password email
- Firebase resetting password without verifying the account
- Forgot password in Firebase for Android
- Firebase reset password without email in React Native
- How to only send password reset email when the provider is email/password
- Auth Email limits password reset in Firebase Free account
- How recovers password with firebase Auth Reset password mail in firebase database
- Firebase handle reset password emails for not verified users
- Firebase reset password when email is not exist