Reputation: 4827
Firebase email not verified override
I am creating user password registration in Firebase but have a specific scenario that I cannot understand.
- User creates the account with someones else's email address ([email protected]), not his own.
- Email verification sent to this account ([email protected])
- User does not verify this account because it is not his.
- The user with a real account ([email protected]) tries to create an account and gets: The email address is already in use by another account.
How to solve this scenario?
Upvotes: 0
Views: 462
Answers (1)
Reputation: 599661
Email verification is not a required step when using the email+password provider, so in step 1 the user is signed in with a valid account. You can block them from accessing data based on the emailVerified property, but the account will still exist. If you want to support this scenario with the email+password provider, you'll have to occasionally delete unverified email addresses with the Admin SDK.
Alternatively consider using the email link provider, which essentially combines verifying their email address with signing in. And would mean that in step 4 the user is actually signed in.
Upvotes: 1
Related Questions
- Firebase isEmailVerified returns false even after verifying email
- Firebase Email Verification Not Working Properly
- email is not verified
- Firebase Authentication: Update Email
- Firebase email verification not updating status
- Android - Firebase Authentication not working with Email/Password setup
- Email not being Verified in Firebase
- Email verification using Firebase 3.0 on Android
- Android Firebase Email Validation
- Android Firebase Email and password authentication does not work