Firebase Authentication & Security Concerning

Continuing the discussion from Firebase Authentication Template:

Read the above topic, make me little curios about security in sign up procedure in firebase authentication.

  1. If we look at the Firebase authentication template, they are clearly mention for email verification see below
  2. If we look at Kodular Firebase authentication they are also have method to do that

.

  1. I believe points 1 & 2 should be used in the registration method in our app to prevent users from using fake emails to grant access to use the app.

4.If there is no email verification during the registration process, how do we know that the user is the person who has the registered email?.

I have tried firebase authentication using OTP through the telephone provider and this is a good and easy way to do it, but it has a limited quota of only 50 sms per day.

Therefore, I tried another method in the form of a registration method by email.
Unfortunately, the application that I made directly gives access to the main application without email verification. I checked my personal email which was used for registration, did not receive an email verification link like the template in firebase authentication.

I want someone who can provide enlightenment / help to use the signup method with email verification in firebase authentication.

While waiting for help, I’ll keep googling and try my app to match my expectations.

Have you tried like this to very your email

After sign up, verify. If verified, you can direct the app to follow the remaining

I do … but nothing happen in my email …

Which is why my template doesn’t have it either. I couldn’t get it to work, and I stopped work on the template because it wasn’t really helping anyone now that Firebase Authentication is available as a component. My Firebase Auth template made more sense as a custom Realtime Database-based account system - which I wouldn’t necessarily recommend anymore.

I’m curious to see if anyone can shed light on how to get verification to work.

1 Like

Agree with you, and for now I prefer to use the OTP method, because besides being easier it is also not too much of a problem. and consciously there are consequences for the sms quota. and I hope the kodular team can provide the best solution for repairing the firebase component. So it’s best if I close this topic.

If possible ref this video too

If you are not too much aligned towards firebase authentication, here (Easy Signup with OTP verification and password reset) is another out of box solution to verify user sign up using otp send to email address. However if the email is already registered you have to write your own code around that.

I never thought that far, it’s a clever thing. :grinning: