Firebase : How can I access the new password created from Firebase's sendPasswordResetEmail()

Question

I'm working on a Node js project using Firebase. Currently, I store several User fields in the database under their email address. (Users > Email Address > (five different fields)). One of these fields is the user's password.

In my Reset Password workflow, I have Firebase send the User a reset password email. After the user goes through the link in that email, they successfully change their password and can now log in with their new password. My question is how can I grab that new password, and update the Users > Email Address > password field in my database right away? Currently, this field is holding the old password that doesn't have any use any longer.

I don't believe we will need this field for the project, but I want to keep it updated for now in case another member on my team needs it. Thank you

Answer 1

My question is how can I grab that new password, and update the Users -> Email Address -> password field in my database right away?

By using the standard reset password email mechanism proposed by Firebase you cannot "grab" the password.

You would need to implement your own mechanism as explained in the "Create custom email action handlers" page in the doc.

---

As evocated by @Kiran in his comment, storing users' passwords in your Firebase DB (Firestore or the RTDB) can be dangerous: you should take care that they cannot be read by some malicious users, typically by using security rules.

It can make sense, from a specific business/admin/organisational reason, to store users' password in a Firebase DB but then you should correctly protect them.