I have a difficult situation in mobile i need help with. I am working on a android app that allows the user to change their email address after they have successfully logged in. This is part of the account settings menu.
Let's go through the flow so i can show you the issue:
user logs in successfully as firstEmail#domain.com
user goes to account settings area and changes their email to secondEmail#domain.com.
The android app notifies the user that a verification email has been sent to their new email secondEmail#domain.com
User leaves the app and goes to their email app like gmail app and finds the verification email and clicks the link inside to verify the account.
Behind the scenes transparent to user, clicking the verification link updates the back end server to update the database with new email address.
User returns to the android app but is still logged in as firstEmail#domain.com
How can i notify the application that the user verified the email ?
I was thinking one approach could be that after user clicks on the verification link and back end DB is updated, that i could redirect them with a deep link into the app and update the new email that way but need advice as user could open the verification link from their pc or anywhere else.
Deep linking is better idea also you need to receive notification in application that email is verified and that notification you would fire or make it background by setting notification type you can do that one, so all device will receive that notification which you logged with same user.
Thanks, i hope this will work.
Log them out after they changed the account email. They should not be able to use the 1st email anymore. The account must use the 2nd one, albeit inactive until your backend is updated with verification.
Related
I am developing an app on Android Studio using Firebase. There is an option for users that has forgotten password. They will be prompted to enter their email and using Firebase send sendPasswordResetEmail(email), where an email to reset their password will be sent. However, when clicking the link user is prompted to only enter their new password ONCE. For security purposes, is there a way to ask user to enter their new password TWICE instead of just ONCE?
The page when clicking the link in sendPasswordResetEmail
I've tried using Deep Link, Android App Link, Action Code Settings, or Sign-In Email Authentication Link but it all seems too complex and doesn't exactly match what I want.
All I want is for when users click forget password, they need to enter the new password TWICE instead of just ONCE, and obviously for some authentication step to confirm that it is the right user that has forgotten their password and not some random person.
I've been facing a weird behaviour while implementing the email verification through Firebase. After creating an account through an Android app, I send an email verification for the user.
The email is being sent properly but it gets verified automatically even before clicking on the link (as in firebaseAuth.currentUser.isEmailVerified will return true after that). If the user presses on the link afterwards, it will say:
Your request to verify your email has expired or the link has already been used
This only happens with custom domains though. For example if the user uses a gmail account, everything goes normally.
Some more info
The credentials responsible for the email verification is restricted for HTTP referrers with https://{APP-ID}.firebaseapp.com for the APIs
Firebase Dynamic Links API and Identity Toolkit API
Any ideas on what might be happening?
Did you previously make an account with that email, verify the email, then delete the account? I had this same issue, it seems like firebase remembers email verification by email address, not by account.
This is likely an issue with firebase (albeit a rarer edge case in practical use), but if you're just doing testing, try using another email.
UPDATE: See comment below, it appears to be domain-related
I have added the EMAIL VERIFICATION PART in my project.
So every user need to verify their email before login.
But I want to add some user manually in Firebase, and I did that also into my project and I successfully added that.
BUT main problems is that when I try to LOGIN using that email I am having error message like "Please verify your email...".
But as I told you earlier I added user manually in Firebase, so I didn't receive any verification email into that perticular account.
So is there any way to login using manually added users into my app?
Firebase Authentication doesn't check anywhere whether the user has verified their email address. So if your app shows a message to that effect, it's either your application code, or a library that you use, that is show the message.
Normally a user's email address is only changed to verified if they follow the flow outlined in sending a user a verification email. You can do this from your application in the same place where it now detects that the user is not verified.
Alternatively, you can mark the user as verified using the Admin SDK, after adding them in the console. For an example of how to do this, see update a user profile in the documentation. Keep in mind: the Admin SDKs can only be run in trusted environments, such as your development machine, a server you control, or Cloud Functions.
i am creating an android app that can register a user through social networking sites like gmail, Facebook and twitter. Now if a user logged in through his/her email id then i can register him through his email id, but if a user is logging in through phone number, and he hasn't provided any email id in Facebook, so how can i get any verified data like phone number or email id as Facebook does not gives its user phone number here and user hasn't provided any email id in Facebook (he has logged in via phone number)
Edit
this is what i've tried so far
here i use to login a user though phone number and that user is not so frequent actually so the only few details i get so far
There is no way to get the phone number of a Facebook user via the Graph API. Even not if the user set it to public.
When the user logs in from Facebook in your app you can place an Edit text which would already be half filled with the information provided by Facebook and then you can ask the user to fill the empty required fields it could also act as final confirmation of the user info and then proceed further.
Thanks
I am developing an app that would allow users to invite his friends to an event.
What I want to achieve is that when the host is inviting friends, he can invite those that are not on the app through a button. This would send a message to those invited friends that includes a link to install our app. Once they install the app, they can login and will immediately view events he is invited to. Can this be done?
The concern is that when the user who receives the invitation message and installs the app and logs on, how will the app know the person who logged in is the person that is invited in the first place? If the app cannot associate them, how can we provide the relevant events to him once he has logged in? Is what I want to achieve unattainable?
I think it might be done through the old Facebook API, but their new one will only allow an app to access a user's friends who are also on the app and not those that are not on the app. In this case, is there a way for us to pull the UID of those invited through FB's messaging dialog? And will this work with group chat?
I know that another way will be to do it via phone number confirmation and accessing the user's contacts, but I want the invitation process to be through facebook if that is possible.
Thank you all for your help in advance.
Lok