I am trying to add Email and password verification using Firebase, and I saw on their snippet that you can choose whether to send a verification email or not. What happens if a user doesn't verify? Will his account be automatically deleted by Firebase?
Asked
Active
Viewed 808 times
3
Frank van Puffelen
- 565,676
- 79
- 828
- 807
pileup
- 1
- 2
- 18
- 45
-
1No, that function is for you to check if you want to proceed the user ahead or keep them waiting for confirming the mail. – Vikash Bijarniya Nov 23 '18 at 11:37
-
Thank you, then does Firebase has some built-in anti spam/robots protection in case I do not verify? – pileup Nov 23 '18 at 11:46
-
1Never read about this, but why its bothering you? – Lekr0 Nov 23 '18 at 13:58
1 Answers
5
When a user verifies their email address with Firebase Authentication, the isEmailVerified property in their profile will be marked as true. This is the only change that Firebase makes. It does not make any other changes based on whether the user verifies or does not verify their account.
Typically you'll use the value of isEmailVerified in other parts of your app. Some examples:
- The first activity of your app may prompt the user to verify their email address, if
isEmailVerifiedreturns false. You can authorize only users with a verified email address to write to your database, using Firebase's server-side security rules.
For the Realtime Database this would look like:
".write": "auth.token. email_verified === true"And for Cloud Firestore this would be the equivalent:
allow write: if request.auth.token.email_verified;You can periodically clean up unverified accounts with the Firebase Admin SDK. Check out this example of deleting inactive users. You'll want to change the code to capture unverified users, instead of inactive ones.
Also see:
Frank van Puffelen
- 565,676
- 79
- 828
- 807