0

I'm using Firebase's createUserWithEmailAndPassword() method to register users, and I'd like to enforce password and email rules on the client side. While I've observed that passwords with fewer than 6 characters result in an error:

Password should be at least 6 characters

I haven't found comprehensive rules for password and email validation in the official documentation.

Can anyone provide or point me to the exact validation rules for both password and email when using this Firebase method?

Alex Mamo
  • 130,605
  • 17
  • 163
  • 193
Lars Flieger
  • 2,421
  • 1
  • 12
  • 34
  • 2
    The Firebase provider for email+password sign-in requires a valid email address and a password of at least 6 characters (as evidenced by the error you get). I don't think there re more rules. – Frank van Puffelen Aug 13 '23 at 15:09
  • Thanks for your comment. I'm not able to find more rules. In the API Reference it only says "auth/weak-password" for the password rules. Maybe would be great if they could add it to their docs: https://firebase.google.com/docs/reference/js/v8/firebase.auth.Auth#createuserwithemailandpassword – Lars Flieger Aug 13 '23 at 17:06
  • If no more rules are documented, what makes you think there are more rules? – Frank van Puffelen Aug 13 '23 at 17:15
  • @FrankvanPuffelen This is what I'm looking for a documentation what are the rules. The "at least 6 characters" isn't documented, just found by brute forcing the error. – Lars Flieger Aug 14 '23 at 07:57

1 Answers1

1

As @FrankvanPuffelen mentioned in his comment, the minimum that is required to sign a user in is to have a valid email address and a password with a minimum length of 6 characters. If you don't do that, an exception will be thrown. However, if you need more than that, then you have to write code on the client. For example, if you want to restrict the authentication if the user provides an email address that is not correct, then you can validate it using one of the solutions that exist below:

If you want the same for the password, then you can write your own regular expressions to validate the password.

Alex Mamo
  • 130,605
  • 17
  • 163
  • 193
  • Thank you for the response. I'm aware of the minimum length requirement and the ability to implement additional client-side validations. However, my main concern is understanding Firebase's inherent validation rules, especially when it returns "weak password" errors. Is there official documentation detailing exactly what Firebase considers a "weak password" or the exact rules for email validation? This would help in ensuring that our client-side validations align closely with Firebase's own rules to provide a consistent user experience. – Lars Flieger Aug 14 '23 at 07:57
  • 1
    I'm currently not aware of any official documentation other than what have you already seen. Firebase authentication requires a minimum, however, from my experience, almost all applications implement their own mechanism to validate the email and password. So I encourage you to do the same. – Alex Mamo Aug 14 '23 at 08:11