How to validate Email address using Firebase

Question

I'm doing a two step sign up process. First email, then password.

I'd like to validate if the email is not in use or badly formatted first. If it's ok, then show the password form.

Right now I can't find a good way to verify if the email is used.

I'd expect something like this:

 firebaseAuth.validateEmailAddress(email)

Are you sure you want to do that? It would make it very easy for someone to retrieve the list of emails of all your users. — pzp, Jun 02 '17 at 22:41
that'll be on you to handle , Firebase doesn't expose validation methods in their api , they just verify ... I would try passing a poorly formatted email and see what error you get . — KpTheConstructor, Jun 02 '17 at 22:48
@pzp can you tell me more about that? I don't understand how would that allow somebody to retrieve the list of emails. — bernatfortet, Jun 03 '17 at 01:36
@bernatfortet I could simply try email addresses brute force style on the email sign in page, and see which ones take me to the password page. If I get to the password page I know that email address belongs to some user. — pzp, Jun 04 '17 at 02:37
I guess you now have an answer so how did you solve this problem @bernatfortet — PowerPlay, Jan 09 '22 at 20:04

score 6 · Accepted Answer · answered Jun 03 '17 at 00:06

6

You can check if an email is in use by checking if fetchProvidersForEmail returns an empty array.

answered Jun 03 '17 at 00:06

Eevee

This method no longer exists in 2022 – sankalp210691 Jun 22 '22 at 19:44
1

use fetchSignInMethodsForEmail instead https://firebase.google.com/docs/reference/js/v8/firebase.auth.Auth#fetchsigninmethodsforemail – Stanislau Buzunko Oct 03 '22 at 16:14

1 Answers1