Menu
Firebase allows users to change their email client side with
firebase.auth().currentUser.updateEmail("[email protected]")
However, I would like to disable this feature entirely - obviously, I offer no way to access it on my app by default, but if an attacker managed to trick the user into install a Chrome extension or otherwise was able to access client credentials, I would always want it to fail if possible.
Is there anywhere on the Firebase auth console where I can change this functionality or a Cloud function that would stop users from changing their email?
372
To change the support email, the email you want to use needs to be a member of your Firebase project. If you need to add a member, you can select the Add member option. In case you want to use a custom domain, you might have to create a new Google account for that email upon accepting the invitation confirmation email.
As said by @user663031, the answer "no" is correct.
At this moment in time, I do not see anything in the console or otherwise to disable this functionality. As it stands, there are only two Cloud Functions available for Firebase Auth events - user creation and deletion, so that would probably not be applicable to this use case either. The only thing I can think of is to just use the Admin SDK and your own API / backend to facilitate custom authentication for this scenario.
164
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
