0

I have a difficult situation in mobile i need help with. I am working on a android app that allows the user to change their email address after they have successfully logged in. This is part of the account settings menu.

Let's go through the flow so i can show you the issue:

  1. user logs in successfully as firstEmail@domain.com

  2. user goes to account settings area and changes their email to secondEmail@domain.com.

  3. The android app notifies the user that a verification email has been sent to their new email secondEmail@domain.com

  4. User leaves the app and goes to their email app like gmail app and finds the verification email and clicks the link inside to verify the account.

  5. Behind the scenes transparent to user, clicking the verification link updates the back end server to update the database with new email address.

  6. User returns to the android app but is still logged in as firstEmail@domain.com

How can i notify the application that the user verified the email ? I was thinking one approach could be that after user clicks on the verification link and back end DB is updated, that i could redirect them with a deep link into the app and update the new email that way but need advice as user could open the verification link from their pc or anywhere else.

j2emanue
  • 60,549
  • 65
  • 286
  • 456

2 Answers2

3

Deep linking is better idea also you need to receive notification in application that email is verified and that notification you would fire or make it background by setting notification type you can do that one, so all device will receive that notification which you logged with same user.

Thanks, i hope this will work.

Jatin Wadhavana
  • 78
  • 5
0

Log them out after they changed the account email. They should not be able to use the 1st email anymore. The account must use the 2nd one, albeit inactive until your backend is updated with verification.

muratgu
  • 7,241
  • 3
  • 24
  • 26
  • Appreicate your feedback. this solution you offered is not 100% . they have not verified the email yet so even if i log them out they are permitted to still log in as the firstEmail@domain.com. The firstEmail@domain.com is still valid until they actually click the verification link. – j2emanue Feb 18 '17 at 20:08
  • i see what your saying, your saying do not allow them access to the app until the new email is verified. i think this could be a bad idea incase they entered the wrong new email address and want to change it again or some rogue person was trying to change the amail account. – j2emanue Feb 18 '17 at 20:17