1

I use nuxt (vue) for my application and firebase to authenticate my users. For that, I send a post request with axios. So far so good. I get a response with some credentials. Then I'm sending another post request with axios to send the user a verification email. This is working as well. But I don't get where the information that the user verified the email address by clicking on the link is saved. So I cannot make that as a condition for my authentication process.

I also don't get an error if I'm logging in with my email and password without verifying the email.

https://firebase.google.com/docs/reference/rest/auth/#section-create-email-password

https://firebase.google.com/docs/reference/rest/auth/#section-send-email-verification

Thanks so much for your help in advance.

Improve this question

1 Answer 1

Reset to default
1

Firebase does not block access if you don't verify your email since many applications do not require that. It is up to you to enforce that via your security rules. Example:

"$uid": {
  ".write": "auth.token.email_verified === true && auth.uid === $user",
  ".read": "auth.token.email_verified === true && auth.uid === $user"
}

The ID token of a verified user will contain email_verified set to true. Firebase Auth will store that value when the user clicks the email verification link. To detect that on the user, you need to user.reload() which will set user.emailVerified to true. To force the ID token to pick up these changes, you can force token refresh user.getIdToken(true).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I get Unknown variable '$user'. Where have you put these rules?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.