1

I am using firebase auth on my android app. Now while signup if a user gives some non existing email, It still lets the user to signup. and saves the information on the database. How to prevent that?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
NPN
  • 125
  • 1
  • 8

2 Answers2

2

The only way to check an email address is 'real' is to require the user receive an email on that address and respond to it - as this work flow is so common firebase has specific workflow to deal with it; That a look at the documentation here https://firebase.google.com/docs/auth/web/manage-users#send_a_user_a_verification_email

Elemental
  • 7,365
  • 2
  • 28
  • 33
  • I tried that. firebase also sends email to non existing email id. So there is no way to tell if the data i have is garbage or not. I mean some can just brute force the signup to create millions of account with this kind of id. – NPN Sep 30 '17 at 07:40
  • 2
    The only way to determine if an email address exists is to send an email to it. So that's precisely what Firebase does when you tell it to send a verification email. But in that verification email is a link/code that the user can click/enter. When they do so Firebase will mark their email address as verified. And those two latter steps of course only can happen when the user actually received the email, so when the email address exists *and* they have access to it. – Frank van Puffelen Sep 30 '17 at 13:27
1

You can authenticate your users in several ways:

  1. Custom Email/Password Login (One that you are trying i guess). Be clear of the fact that you will have to first register your users, store their registered data online on firebase database, and then verify the registered data (in the database) when they login with the previously input credentials.

  2. If you want your users to login using authentic credentials beyond your database's information, the most easy and useful way can be using Facebook or Google Authentication. Note that you don't necessarily need to have those apps on your phone to login using these methods. You can follow the following links to guide you through the steps to do so.

    https://firebase.google.com/docs/auth/android/facebook-login https://firebase.google.com/docs/auth/android/google-signin

Community
  • 1
  • 1
Robillo
  • 192
  • 11
  • I am using Custom Email/Password. Suppose a user gives "asd@asd.com". Firebase still lets the user to signup. But clearly this email is not real. I want to stop that. I dont want to store their data. – NPN Sep 30 '17 at 07:30
  • you can try this link: https://stackoverflow.com/questions/41665179/android-firebase-email-validation – Robillo Sep 30 '17 at 09:52
  • Again - the only way to check a email address is valid is to send mail to it. – Elemental Oct 02 '17 at 07:24