I'm creating an Android application that will deliver notifications.
Users can opt-in with a phone number or an email account.
I just need to verify the email the user entered, I don't want to create a Firebase account
Firebase has a FirebaseUser#sendEmailVerification() but that will require to create an account.
In other words, I just want the email verification to be the same as the Phone verification, where Firebase will just send you a code or verification link.
Is there a way to leverage Firebase email verification without creating an account?
For anyone trying to accomplish the same, here's how I was able to do it.
Go to Fibrebase console and enable Email/Password and Anonymous sign-in methods on the Authentication screen
Firebase Authentication screen
Then in you code, create an Anonymous user (this is what does the trick, because now you have a valid user to verify against), change the email, and then send a verification. After that, reload the Firebase user and check isEmailVerified()
mAuth = FirebaseAuth.getInstance();
mAuth.signInAnonymously()
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
Log.d(TAG, "signInAnonymously:success");
if (mAuth.getCurrentUser().isEmailVerified() == false) {
mAuth.getCurrentUser().updateEmail("<MAIL YOU WANTO TO VERIFY HERE>");
mAuth.getCurrentUser().sendEmailVerification();
Log.e(TAG, "mail sent.....................................");
}
//updateUI(user);
} else {
// If sign in fails, display a message to the user.
Log.w(TAG, "signInAnonymously:failure", task.getException());
Toast.makeText(getApplicationContext(), "Authentication failed.",
Toast.LENGTH_SHORT).show();
}
}
});
Here's the reloading part:
mAuth.getCurrentUser().reload()
.addOnSuccessListener(new OnSuccessListener<Void>() {
#Override
public void onSuccess(Void aVoid) {
Log.e(TAG,( mAuth.getCurrentUser().isEmailVerified() ? "VERIFIED" : "Not verified"));
}
});
Both phone number verification and email verification are tied to a Firebase Authentication account. There is no way to use them with such an account, since the result of a verification is that a the relevant property (email_verified or phone_number) in the user account gets updated.
Related
I am facing problem, When I try to login with email/password via Firebase Authentication. I have already enable the email/password in SIGN-IN-METHOD tab. But whenever I signup in the same app then it allow me and record inserted in Firebase console user list, but when I try to login with the registered email & password I can't move forward, and the exception message is:
The password is invalid or the user does not have a password.
For Login, my code is :
FirebaseAuth auth=FirebaseAuth.getInstance();
auth.signInWithEmailAndPassword(email, password)
.addOnCompleteListener(LoginActivity.this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
pb.dismiss();
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Intent intent = new Intent(LoginActivity.this, DrawerActivity.class);
startActivity(intent);
finish();
} else {
// If sign in fails, display a message to the user.
// Log.w("Tag", "Tag signInWithEmail:failure", task.getException());
Log.i("Tags", "Tags signInWithEmail:failure" + task.getException());
Toast.makeText(LoginActivity.this, "Authentication failed.",
Toast.LENGTH_SHORT).show();
}
}
});
This may be when for example user SomeUser registered with email some_user#gmail.com and any password. Then he signed in with google account of the same email and then tries to log in again using email of his google account. In this case google removes password after user links his firebase account to google account. Here are some details
I started getting a FirebaseAuthUserCollisionException exception when I try to sign in with Facebook in my Android application.
com.google.firebase.auth.FirebaseAuthUserCollisionException: An
account already exists with the same email address but different
sign-in credentials. Sign in using a provider associated with this
email address.
I am using Firebase to handle the registration and Facebook to deliver a "one-click" login method, using a com.facebook.login.widget.LoginButton view as a trigger.
These sign-in method was already working. I was able to register a account with Facebook, and use the same method to log-in this account. But now have start to throwing this exception.
Here is the code where I register a account from Facebook and proceed with login:
private void handleFacebookAccessToken(AccessToken token) {
final ProgressDialog dialog = new ProgressDialog(this);
dialog.show(getString(R.string.dialog_wait));
firebaseAuth.signInWithCredential(FacebookAuthProvider.getCredential(token.getToken()))
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#SuppressWarnings("ThrowableResultOfMethodCallIgnored")
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
dialog.close();
registerNewUserFromSocialLogin(firebaseAuth.getCurrentUser());
} else {
if(task.getException() instanceof FirebaseAuthUserCollisionException) {
//TODO: handle sign-in with different credentials
} else {
dialog.close();
LoginManager.getInstance().logOut();
Toast.makeText(LoginActivity.this,
R.string.error_login,
Toast.LENGTH_SHORT).show();
}
}
}
});
}
And my Gradle file with current use library:
compile 'com.google.firebase:firebase-auth:10.2.1'
compile 'com.facebook.android:facebook-android-sdk:[4,5)'
So my problem is: I don't know how to handle FirebaseAuthUserCollisionException exception.
None of the solutions in StackOverflow or Firebase Documentation help me. I am looking for a solution that is able to login the user although the duplicated credential, to stil deliver the "one-click" login method.
You will get that error when the user had previously signed in with the same email using a different provider. For example, the user signs in with email user#gmail.com using Google. The user then tries to sign in with the same email but using Facebook. The Firebase Auth backend will return that error (account exists with different credential). In that case, you should use the fetchProvidersForEmail to look up the existing providers associated with email user#gmail.com, in this case google.com. You signInWithCredential to the existing google account to prove ownership of that account, and then linkWithCredential the Facebook credential the user originally was trying to sign in with. This merges both accounts so in the future the user can sign in with either.
This happens when you use the single accounts per email. If you want to allow different accounts per email, you can switch to multiple accounts per email in the Firebase console.
Here is an example:
mAuth.signInWithCredential(authCredential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
// Account exists with different credential. Assume the developer wants to
// continue and link new credential to existing account.
if (!task.isSuccessful() &&
task.getException() instanceof FirebaseAuthUserCollisionException) {
FirebaseAuthUserCollisionException exception =
(FirebaseAuthUserCollisionException)task.getException();
if (exception.getErrorCode() ==
ERROR_ACCOUNT_EXISTS_WITH_DIFFERENT_CREDENTIAL) {
// Lookup existing account’s provider ID.
mAuth.fetchProvidersForEmail(existingAcctEmail)
.addOnCompleteListener(new OnCompleteListener<ProviderQueryResult> {
#Override
public void onComplete(#NonNull Task<ProviderQueryResult> task) {
if (task.isSuccessful()) {
if (task.getResult().getProviders().contains(
EmailAuthProvider.PROVIDER_ID)) {
// Password account already exists with the same email.
// Ask user to provide password associated with that account.
...
// Sign in with email and the provided password.
// If this was a Google account, call signInWithCredential instead.
mAuth.signInWithEmailAndPassword(existingAcctEmail, password)
addOnCompleteListener(new OnCompleteListener<AuthResult> {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
// Link initial credential to existing account.
mAuth.getCurrentUser().linkWithCredential(authCredential);
}
}
});
}
}
}
});
}
}
});
There is no need for this, you can just allow multiple accounts merge under firebaase->authentication-> sign in method -> Advanced - > change (multiple accounts per email address.
Firebase will merge the same email address but will give you different user UID.
See sample below.
AuthCredential authCredential = FacebookAuthProvider.getCredential(token.getToken());
mAuth.signInWithCredential(authCredential)
.addOnCompleteListener(this, task -> {
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success");
FirebaseUser user = mAuth.getCurrentUser();
LoginFacebookGoogleActivity.this.updateUI(user);
} else {
// If sign in fails, display a message to the user.
Log.w(TAG, "signInWithCredential:failure", task.getException());
if(task.getException() instanceof FirebaseAuthUserCollisionException){
FirebaseAuthUserCollisionException exception = (FirebaseAuthUserCollisionException) task.getException();
//log this bundle into the analytics to analyze which details you want to collect
}
Toast.makeText(LoginFacebookGoogleActivity.this, "Authentication failed " + task.getException(), Toast.LENGTH_SHORT).show();
LoginFacebookGoogleActivity.this.updateUI(null);
}
});
I am working on an android app, in where I just want to verify mobile number without creating a user account. Is it Possible? I am using the following code
private void startPhoneNumberVerification(String phoneNumber) {
PhoneAuthProvider.getInstance().verifyPhoneNumber(
phoneNumber, // Phone number to verify
60, // Timeout duration
TimeUnit.SECONDS, // Unit of timeout
this, // Activity (for callback binding)
mCallbacks); // OnVerificationStateChangedCallbacks
}
private void verifyPhoneNumberWithCode(String verificationId, String code) {
PhoneAuthCredential credential = PhoneAuthProvider.getCredential(verificationId, code);
signInWithPhoneAuthCredential(credential); // this function is creating user account , if not present. But We Don't want this
}
The following function will create user account if user account is not there, but I don't want to create account, I just want to verify the code entered by the user. Is there any call back method available for that?
private void signInWithPhoneAuthCredential(final PhoneAuthCredential credential) {
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
dialog.dismiss();
FirebaseUser user = task.getResult().getUser();
Toast.makeText(LoginActivity.this, "Success " + user.getEmail(), Toast.LENGTH_SHORT).show();
} else {
Toast.makeText(LoginActivity.this, "Failed ", Toast.LENGTH_SHORT).show();
verifyPhoneNumberWithCode(mVerificationId, editText.getText().toString().trim());
}
}
});
}
You can't verify what the user typed without linking the phone provider to the Firebase user in the process.
But you can unlink the phone from the user account soon after, by calling:
FirebaseAuth.getInstance().getCurrentUser().
unlink(PhoneAuthProvider.PROVIDER_ID)
.addOnCompleteListener(this, onCompleteListener);
There are plenty of uses for verifying that the user has access to this phone number, but shouldn't login with it. I really think that Firebase should allow developers to verify first, and use the credential to login after.
Also:
There is a good chance of Google Play Services verifying automatically. When onVerificationCompleted(PhoneAuthCredential) in your PhoneAuthProvider.OnVerificationStateChangedCallbacks is called. This way the user won't need to type the verification code, and the phone won't be linked automatically.
Verifying a phone number automatically creates a Firebase Authentication account for that user. There is no way to prevent creating this account, as it is what Firebase uses to ensure it knows that user next time they start the app.
You can also update the phone number on the user account.
This will not create new user; instead, it will update the phone number in the existing user account.
val credential = PhoneAuthProvider.getCredential(verificationId!!, smsCode)
FirebaseAuth.getInstance().currentUser?.updatePhoneNumber(credential)
So, I have enabled email/password in the dev console and everything is working fine. Except that I should be getting a confirmation email to the email I inputted, but I'm not getting it. I thought it does it automatically, but apparently it doesn't.
Method for signup:
public void signUp(View v) {
String email = emailET.getText().toString();
String password = passwordET.getText().toString();
mAuth.createUserWithEmailAndPassword(email, password)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
Log.d("AD", "createUserWithEmail: " + task.isSuccessful() + task.getException());
if (!task.isSuccessful()) {
createDialogSignUpError(
getApplicationContext().getResources().getString(R.string.signUpFailedET),
getApplicationContext().getResources().getString(R.string.signUpFailedEM),
getApplicationContext().getResources().getString(android.R.string.ok));
Toast.makeText(SignUp.this, task.getException().toString(), Toast.LENGTH_LONG).show();
} else if (task.isSuccessful()) {
Toast.makeText(SignUp.this, "Registration Successful.", Toast.LENGTH_SHORT).show();
}
}
});
}
It should be sending, but sadly it's not. I've read somewhere on SO that you need to add a method or something to send the email, and it's missing in the docs, but that wasn't Java.
Edit
According to here, it is only supported in iOS and web. Which is pretty surprising, since after all, android IS Google, and Google is Firebase. So is it possible even with creating a custom sent email?
Edit 2: To be more clear, does Android have an Email sender like C#. That would be the best solution if there isn't an API for this.
Now according to the updated firebase documentation
Here is how to send a verification mail to the user that in your case is after creating the account and letting the user to log-in then send him/her a notification that he have to verify the account and then the next login is blocked until he/she didn't verify (I think this is better than making the user is forced to open his email first)
Send a user a verification email
You can send an address verification email to a user with the
sendEmailVerification method. For example:
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
user.sendEmailVerification()
.addOnCompleteListener(new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
if (task.isSuccessful()) {
Log.d(TAG, "Email sent.");
}
}
});
You can now plug any Firebase gaps in email coverage by rolling your own email sender using Firebase Cloud Functions. There's an example here. Of course this means more work than just configuring like the built-in options but at least means we can do whatever we need to do. :)
I knew that we can verify the users email with Firebase Auth 3.0. I'm not able to find any documentation regarding email verification on Android. I'm able to find the same for iOS as well as web but not for Android. Any link to the documentation would be helpful.
From the image, it is clear that once the user signs in, he will be intimated regarding that on email to confirm his subscription. I've subscribed myself and also verified in the users section in Auth tab and I am able to see my mail id and firebase generated unique user id. What's missing here is the confirmation email to my email id. Did some one try this or am I too early trying this? Thanks for your help.
Email verification for android is now available in Firebase.
See this release note:
https://firebase.google.com/support/release-notes/android#9.6
Update
Email verification is available in version 9.6 and higher of the Firebase SDK for Android.
Original answer
Email verification is not available for Android yet. Also answered here with more context.
An alternative suggested by the Firebase team
One thing you could do is to add a node to your Firebase Database which contains all email addresses as children. You should make this node only publicly readable (via Firebase security rules).
Then from within your apps, once a user signs up / signs in, you check if the email of that user is on the list, and if not, you sign them out and kick them out of your app (and as a bonus, you could even log the intruder's email address in your database, so you can later check who is trying to access your app).
This will work for initial testing if you know the e-mail ids of the people who are gonna test your app until the e-mail verification makes its way to Android.
Since email verification only works with Email/Password authentication, the best place to send it wold be in the onComplete method of createUserWithEmailAndPassword(...) method, after signup is successful.
firebaseAuth.createUserWithEmailAndPassword(email, password)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
sendVerificationEmail();
....
The custom sendVerification method is:
public void sendVerificationEmail() {
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
if (user != null) {
user.sendEmailVerification()
.addOnCompleteListener(new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
if (task.isSuccessful()) {
Toast.makeText(SignUpActivity.this, "Signup successful.
Verification email sent", Toast.LENGTH_SHORT).show();
}
}
});
}
}
You can then check if the user has verified their email anywhere in your app by calling:
mAuthListener = new FirebaseAuth.AuthStateListener() {
#Override
public void onAuthStateChanged(#NonNull FirebaseAuth firebaseAuth) {
firebaseUser = firebaseAuth.getCurrentUser();
if (firebaseUser != null ) {
Log.e(TAG, firebaseUser.isEmailVerified() ? "User is signed in and email is verified" : "Email is not verified");
} else {
Log.e(TAG, "onAuthStateChanged:signed_out");
}
}
};