CODEWITHSUNDEEP
javascriptfirebasefirebase-authenticationgoogle-cloud-identity
IncognitoUser
IncognitoUser

Reputation: 436

Firebase email template for Scope to a tenant

I modified the email template for "reset password". If the user is out of tenant scope on Identity Planform - the template works fine. But when the user is in tenant scope - the template not working.

User out of scope:

IDP: https://i.sstatic.net/CNO8S.png

Email: https://i.sstatic.net/7B4ra.png

User in scope of tenant:

IDP: https://i.sstatic.net/Q42EP.png

Email: https://i.sstatic.net/6dB6o.png

export const resetPassword = (email) => async (dispatch) => {
  try {
    const userSnapshot = await firebase.db.collection(USER_DATA_COLLECTION).where('email', '==', email).get();
    firebase.auth.tenantId = userSnapshot.docs[0].data().tenantId;
    return await firebase.doResetPassword(email);
  } catch (e) {
    console.log(e);
  }
};

Upvotes: 4

Views: 1184

Answers (2)

chronologos
chronologos

Reputation: 338

You can call the admin API to inherit emailSendingConfig. Emails sent from tenant will now follow the project-level email sending configuration.

Upvotes: 0

Thomas Burke
Thomas Burke

Reputation: 1365

Currently, Google Cloud Identity Platform (GCIP) and Firebase Auth do not support tenant specific email templates.

You can update tenant metadata to allow the tenant to inherit custom domains, email templates, and custom SMTP settings. If emailSendingConfig is set to true emails sent from tenant will follow the project level email sending configurations. If false (by default), emails will go with the default settings with no customizations (e.g. custom domain attached to email template will not be applied). You can set this field by executing the below cURL command:

curl -d "{'inheritance':{'emailSendingConfig': true}}"\
-H 'Authorization: Bearer AUTH_TOKEN' \
-X PATCH -H 'Content-Type:application/json' \
https://identitytoolkit.googleapis.com/v2/projects/PROJECT_ID/tenants/TENANT_ID?updateMask=inheritance.emailSendingConfig

Notes for the parameters passed to the above cURL command

The AUTH_TOKEN will need the scopes listed in the Identity Toolkit REST API documentation. One of the easier ways for you to retrieve the auth token for the REST command is to have a project owner use OAuthPlayground and authorize the Identity Toolkit API v3 scopes

Identity Toolkit API v3 scopes

TENANT_ID is the actual tenant id as opposed to the display name, this can be obtained via the GCIP > Tenant Cloud Console page.

Upvotes: 4

Related Questions