I am using Javascript and Vue and integrating firebase with my app

Scenario(Already built)

• I have a sign in page where users sign in
• For a user to be signed in the emailVerified property should be true

Problem

• I am able to send verification email only when i use the firebase.auth().createUserWithEmailAndPassword(email, password) method

Signup method

signup: async (email, password) => {
    const user = await firebase.auth().createUserWithEmailAndPassword(email, password)
    await user.user.sendEmailVerification()
    return `Check your email for verification mail before logging in`
  },

Desired solution

• I create a new user from the firebase console

• I pass email as a parameter or uid and that method should send a verification email to the user so they can verify thier email

• Completely scrap the signup method as i don't need it anymore to send a verification mail

Is there anyway to send a verification email without signing in ?

I am using Javascript and Vue and integrating firebase with my app

Scenario(Already built)

• I have a sign in page where users sign in
• For a user to be signed in the emailVerified property should be true

Problem

• I am able to send verification email only when i use the firebase.auth().createUserWithEmailAndPassword(email, password) method

Signup method

signup: async (email, password) => {
    const user = await firebase.auth().createUserWithEmailAndPassword(email, password)
    await user.user.sendEmailVerification()
    return `Check your email for verification mail before logging in`
  },

Desired solution

• I create a new user from the firebase console

• I pass email as a parameter or uid and that method should send a verification email to the user so they can verify thier email

• Completely scrap the signup method as i don't need it anymore to send a verification mail

Is there anyway to send a verification email without signing in ?

• javascript
• firebase
• vue.js
• firebase-authentication

3 Answers 3

You could use a Cloud Function to generate an email verification link, and send it to the user through an email microservice like Sendgrid, Mailjet or Mailgun or via your own custom SMTP server.

You would trigger this Cloud Function when a Firebase user is created using the functions.auth.user().onCreate() event handler.

Since you will create the user through the Firebase console, the Cloud Function will be triggered without the need for the user to sign-in.

Something along these lines:

exports.sendEmailVerification = functions.auth.user().onCreate((user) => {

    const email = user.email;

    const url = '...'  //Optional, see https://firebase.google./docs/auth/custom-email-handler
    const actionCodeSettings = {
        url: url
    };

    // Use the Admin SDK to generate the email verification link.
    return admin.auth().generateEmailVerificationLink(email, actionCodeSettings)
        .then((link) => {
            // Construct email verification template, embed the link and send the email
            // by using custom SMTP server.
            // or a microservice like Sendgrid
            return ...
        })
        .catch((error) => {
            // Some error occurred.
        });

});

You will find here an official example of a Cloud Function that sends an email.

Is there anyway to send a verification email without signing in ?

Verification emails can only be sent from the client-side SDK, and only after the user has signed in. This is done to prevent the ability to abuse Firebase's servers for sending spam.

If the existing email verification flow of Firebase doesn't fit your needs, you can implement your own custom flow and use the Admin SDKs to set the the verification status once they've met your verification requirements.

It's undocumented, or at least obfuscated from firebase end users, like most of the REST based functionality provided by the admin SDKs.

POST https://identitytoolkit.googleapis./v1/accounts:sendOobCode which is documented under the Identity Platform

It's not exactly fun, but you can most definitely send a sign in link with just REST and a service account, at least generate the link to send via your own email. You will recognize familiar concepts that Firebase must just be wrapping around. (...like action code settings) Some pseudo code shown below. This also involves an exchange for idToken via signInWithCustomToken prior

def params
  {
    requestType: "EMAIL_SIGNIN",
    idToken: id_token,
    returnOobLink: true,
    email: user.email_address,
    continueUrl: landing_page_where_client_side_confirms(id: "confirm", anchor: "no_universal_links", host: HOST)
  }.pact
end

def call
  conn.post("/v1/accounts:sendOobCode", params).body["oobLink"]
rescue Faraday::ClientError => e
  handle_error(e)
end

def conn
  Faraday.new(
    url: ACCOUNT_API_V1,
    params: { key: API_KEY }
  ) do |f|
    f.response :json
    f.response :raise_error
    f.request(:authorization, 'Bearer', access_token) if requires_service_account?
  end
end

Other gotchas you will likely run into is missing scopes, or additional IAM permissions. In this case I'm using an unrelated library to make service credentials less annoying. I only got this far by digging through the source of the admin SDKs, because at the end of the day, they have to make the same exact calls since they don't work on magic.

def authorizer
  @authorizer ||= Google::Auth::ServiceAccountCredentials.make_creds(
    json_key_io: account,
    scope: ['https://www.googleapis./auth/firebase', 'https://www.googleapis./auth/identitytoolkit']
  )
end