Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase Facebook auth: email verified always false

As said in the title, no matter how I try the Facebook login, the emailVerified field is always false. Is this by design? I've read through the whole firebase docs by now, can't seem to find any information regarding this. Just to be sure: I've tried with 4 different verified accounts, the result is always the same. Any idea what could cause this kind of behavior?

like image 233
Andrew Avatar asked Jul 15 '16 14:07

Andrew


2 Answers

the reason why Google provider emails are verified and Facebook emails are not is because Google is considered a trusted provider (You can create an email account using Google). Let's take another example. If you set up an email with yahoo, you will get an email [email protected]. If you sign in using yahoo OAuth 2.0, you know for sure that user is verified since Yahoo is the actual owner and issuer of that email address. However, you could also use that same email to create a facebook account or some other account like github or twitter and verify using your phone number or some other means. In that case, if you sign in using Facebook, the email is not verified (facebook does not own or manage that email address). Normally if you wish to verify the email in that case, you have to send the email verification (experimental at the moment and only available in web and iOS but should eventually come to android).

like image 180
bojeil Avatar answered Oct 11 '22 03:10

bojeil


The solution I provide would probably be useless to the OP since it was asked last year but hope it helps someone else. While I agree with bojeil's answer, it's somewhat annoying for real users to verify their Facebook email address when signing in with Facebook.

I encountered this problem on Android today and applied a work around since isEmailVerified() If condition always threw false and returned the user back to login page, here's the work around extracted from my code:

FirebaseUser  mUser = mAuth.getCurrentUser();


        if(!mUser.getProviders().get(0).equals("facebook.com")) {

            if (mUser.isEmailVerified()) {

                Intent mainIntent = new Intent(getActivity(), MainActivity.class);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
                startActivity(mainIntent);


            } else {

                Snackbar.make(getView().findViewById(R.id.loginLayout), "Please verify your account!", Snackbar.LENGTH_LONG).show();

            }

        }else{

            Intent mainIntent = new Intent(getActivity(), MainActivity.class);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
            startActivity(mainIntent);

        }

The first If statement checks if the user is signing in with Facebook,if yes the user is taken to the MainActivity, if not the isEmailVerified() method is invoked normally for email/password users and for Google sign in usersisEmailVerified()always returns true.

like image 39
RamithDR Avatar answered Oct 11 '22 01:10

RamithDR