1

In my app, when the user enters an email and password, he can sign up and log in. But how can I make sure that the registered user is the email owner and not using someone else's email? (I'm using Firebase for authentication.)

  • Asking users to verify their email when they sign up?
  • Preventing them from logging in unless they activate their email?

If any of the above, how do I do it?

Frank van Puffelen
John vattic

1 Answer

8

It is possible that you will need to update your version of the Firebase SDK. FirebaseUser in the auth module has the ability to send an email verification using the function user.sendEmailVerification().

For example:

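FirebaseAuth auth = FirebaseAuth.getInstance();
FirebaseUser user = auth.getCurrentUser();

// getCurrentUser() returns null when nobody is signed in.
if (user != null) {
    // Sends the verification link to the address on the account.
    user.sendEmailVerification()
            .addOnCompleteListener(new OnCompleteListener<Void>() {
                @Override
                public void onComplete(@NonNull Task<Void> task) {
                    if (task.isSuccessful()) {
                        Log.d(TAG, "Email sent.");
                    } else {
                        Log.w(TAG, "Verification email not sent.", task.getException());
                    }
                }
            });
}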

In the case that you want to limit access to the application, you'll need to use user.isEmailVerified(). How exactly you use this will depend on what behavior you want your app to exhibit. Note that the FirebaseUser object is cached, so you may need to call .getCurrentUser().reload(). You could either do this on a timer or when the user returns to the app. Alternatively, you could check this after a login and, if they are not verified, log them out, display a message saying they are not verified, and wait for them to try again.

For a more complete discussion see: https://firebase.googleblog.com/2017/02/email-verification-in-firebase-auth.html

meursault334
  • You're right. This function (sendEmailVerification) is available, but the question is how and where to use it? When the user signs up, or when he logs in, or what? – John vattic Apr 23 '18 at 21:53
  • I edited the answer to include a discussion of how to use user.isEmailVerified(). How you use this is up to you but probably the cleanest way to do it is to send the verification email and then log them out upon registration and then log them out immediately after a login if their account is not yet verified and display a message (possibly offer to resend a verification email). – meursault334 Apr 24 '18 at 18:45
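
The login gate described in the answer above (reload the cached user, check isEmailVerified(), sign out if unverified), written out as an added example that is not part of the original answer. The class name VerifiedLoginGate and its Callback interface are hypothetical; the Firebase calls are the Android SDK's own.

```java
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;

/** Added example: sign in, refresh the cached user, admit only verified accounts. */
public final class VerifiedLoginGate {

    /** Hypothetical callback the calling Activity implements to update its UI. */
    public interface Callback {
        void onVerified(FirebaseUser user);
        void onNotVerified(String email);   // e.g. show "check your inbox"
        void onError(Exception e);
    }

    private final FirebaseAuth auth = FirebaseAuth.getInstance();

    public void signIn(final String email, String password, final Callback cb) {
        auth.signInWithEmailAndPassword(email, password)
            .addOnSuccessListener(result -> {
                FirebaseUser user = result.getUser();
                if (user == null) {
                    cb.onError(new IllegalStateException("No user after sign-in"));
                    return;
                }
                // The FirebaseUser object is cached: refresh it from the server
                // before trusting isEmailVerified().
                user.reload()
                    .addOnSuccessListener(unused -> {
                        FirebaseUser fresh = auth.getCurrentUser();
                        if (fresh != null && fresh.isEmailVerified()) {
                            cb.onVerified(fresh);
                        } else {
                            // Do not leave an unverified session open.
                            auth.signOut();
                            cb.onNotVerified(email);
                        }
                    })
                    .addOnFailureListener(e -> {
                        auth.signOut();     // fail closed if the refresh fails
                        cb.onError(e);
                    });
            })
            .addOnFailureListener(cb::onError);
    }
}
```

This gate only controls the app's own flow on the device; any backend or database rules that protect user data should separately check the `email_verified` claim in the user's ID token.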