Reputation: 786
In a Flutter + Firebase application I'm working on, users create an account (with Firebase Auth) and receive a verification email. However, this application is only for a select number of people, and therefore I have it implemented in such a way that new users are disabled by default and need to be enabled by in-app admins. It turns out that the verification link does not work if your account is disabled, so new users need to wait for admins to enable their account before they are able to verify. This is not ideal, and the desired workflow would be either one of these:
1. User creates account > account is automatically disabled > admin enables account > verification email is sent (preferable)
2. User creates account > verification email is sent > account is disabled on verification > admin enables account > user gets notified that account is enabled (slightly less preferable because of this last step)
Option 1 requires some function to be notified once an account is verified so that it can be disabled, and I can't find any documentation on whether this is even possible. Option 2 requires taking over the verification emails sent by Firebase Auth in some weird ways. My question is: is Option 1 a possibility? And if not, how to tackle option 2?
Upvotes: 2
Views: 1708
Reputation: 599716
To verify the email address for an account through the client-side SDK or REST API, a user needs to be signed into that account. If you disable an account in Firebase Authentication, the user can't sign in to that account to verify it.
Your options are to:
- Either handle the entire flow yourself, and then verify-and-enable the account using the Admin SDK. There is no step-by-step guide for this in the documentation.
- Or don't disable the account in Firebase Authentication, but instead only allow the user to use the app, and access the data, after they've verified their account.
The second option is by far the most common, as you're essentially just separating the authentication part of the flow (the user proving their credentials) from the authorization part (the user gaining access to the app and its data).
Upvotes: 2
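The authentication/authorization split described in the answer above, sketched as a server-side gate. This is an added example, not code from the original answer or from Firebase. It assumes the account stays enabled and that admins record approval in hypothetical custom claims named `approved` and `admin` (set with the Admin SDK's `setCustomUserClaims`); `email_verified` is the standard ID token claim.

```javascript
// Added example: authorization gate over already-verified ID token claims.
// Assumption: `approved` and `admin` are hypothetical custom claims; the
// claims object is what the Admin SDK's verifyIdToken() resolves to.

// Constructed sample claims (not real users).
const SAMPLE_CLAIMS = {
  newUser:      { uid: 'u1', email: 'a@example.com', email_verified: false },
  verifiedOnly: { uid: 'u2', email: 'b@example.com', email_verified: true },
  approved:     { uid: 'u3', email: 'c@example.com', email_verified: true, approved: true },
  admin:        { uid: 'u4', email: 'd@example.com', email_verified: true, approved: true, admin: true },
  // Wrong types: truthy values that must not be treated as true.
  malformed:    { uid: 'u5', email: 'e@example.com', email_verified: 'true', approved: 1 },
};

// Authentication proved who the user is; this decides what they may do.
// Strict === true comparisons so truthy strings or numbers never pass.
function accessState(claims) {
  if (!claims || typeof claims.uid !== 'string' || claims.uid === '') {
    return 'unauthenticated';
  }
  if (claims.email_verified !== true) return 'needs_email_verification';
  if (claims.approved !== true) return 'pending_admin_approval';
  return 'allowed';
}

// An approved admin may approve another user, but only after that user
// has verified their email, and never themselves.
function canApprove(adminClaims, targetClaims) {
  return accessState(adminClaims) === 'allowed'
    && adminClaims.admin === true
    && accessState(targetClaims) === 'pending_admin_approval'
    && adminClaims.uid !== targetClaims.uid;
}

// Gate for a request handler: HTTP-style status plus the state, so the
// client can show "verify your email" or "waiting for approval".
function gate(claims) {
  const state = accessState(claims);
  if (state === 'allowed') return { status: 200, state };
  return { status: state === 'unauthenticated' ? 401 : 403, state };
}
```

Custom claims travel inside the ID token, so a newly approved user only passes the gate after their token is refreshed.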