stackoom
  简体   繁体   中英

Forget password for Firebase Authentication with invalid email address

 原文  2020-11-14 15:04:52       firebase-authentication/ email-validation/ reset-password

Question

Firebase's email/password signup doesn't check if an email is valid - user can create an account with an email like user1@gmail.com even if that email doesn't exist on google.

The issue is that if, a user forgets their password and we send a password reset email to that invalid email, the user wont be able to reset their password.

How to get around this issue?

1 answers

solution1
 1  2020-11-14 15:39:54

If you stick to using email+password authentication, there isn't really a good way to handle the scenario. Technically, you can change the password through the Admin SDK . But the problem is that you have no way to verify that the user is really the owner of the account, so you might be handing the new password to a malicious user.

If you want the user to only be able to sign in after their email address has been verified, consider using email link authentication .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Firebase Authentication - Forget/ Reset Password Configure Firebase Authentication to send INVALID_CREDENTIALS instead of EMAIL_NOT_FOUND or INVALID_PASSWORD Unity Firebase Authentication - invalid password Firebase Authentication "auth/invalid-email" and "The email address is badly formatted." Google Firebase forget password How to link Phone with Email and Password Authentication in Firebase? Firebase email/password authentication - how to require email verification? Add a "Full Name" Field to Firebase Email/Password Authentication? How to link a backup email address to a firebase phone authentication? Firebase Authentication ( Email & Password ) how to check existing user
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM