2

I am developing an app with Firebase and I have to register users to the app using email registration method provided by Firebase. I pretty much did well on Email verification and such things, but one problem, I'm encountering is that "how to validate" entered email address?

By validation, I don't mean if its a correct email form, such as blab@blabla.com pattern, for example Iamsomething@gmail.com is an invalid email which cant get email verification, although it is perfectly fine in terms of email pattern.

I want to make sure that invalid emails are not registered to authentication database in the first place. How can I solve this problem?

AL.
  • 36,815
  • 10
  • 142
  • 281
theroglu
  • 136
  • 3
  • 12

1 Answers1

1

You cannot prevent users from creating an account on Firebase Authentication with an email account they don't own.

That is precisely why you'd implement email verification in your app: to you can prevent those users from accessing other resources. For example, you can ensure that only users with a verified email address can access the Firebase Database with:

{
  "rules": {
    ".read": "auth.token.email_verified == true"
  }
}

See my answer here for an extended version of that: How do I lock down Firebase Database to any user from a specific (email) domain?

Community
  • 1
  • 1
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • 1
    Yeah I get it, you are absolutely right, but then this question pops up , if we cant prevent users from creating an account on Firebase Authentication, lets say we have possible nerdy attackers that want to cause a damage by creating so many spam accounts in the Fİrebase Authentication, then wont be Firebase AUthentication swelled because of this spam accounts at some point? – theroglu Jan 15 '17 at 23:39
  • One advantage using a backend-as-a-service is that you don't have to worry about such abuse cases. If you have a reason to suspect your project is being affected by such attacks, [reach out to Firebase Support](https://firebase.google.com/support/). – Frank van Puffelen Jan 16 '17 at 00:44