Firebase电子邮件验证行为 [英] Firebase email verification behavior
问题描述
我对Firebase电子邮件验证的工作方式有疑问.
I've got a question about how firebase email verification work.
案例:
- 我的用户使用设备A登录了我的网站.
- 他们使用其他浏览器或设备(设备B)创建了另一个帐户,但他们使用已登录的浏览器和设备(设备A)打开电子邮件验证链接.
已经登录的用户(在设备A中)怎么了? firebase是将其注销还是仅验证新电子邮件,但仍使用当前用户登录?
What happened to the already signed in user (in device A)? Is firebase signed them out or just verify new email, but still signed in with the current user?
推荐答案
电子邮件验证是带外进行的,除非重新加载,否则不会影响任何现有的firebase状态.如果用户验证了他们的电子邮件,则必须调用firebase.auth().currentUser.reload()来更新emailVerified属性.如果您将Firebase规则与emailVerified字段一起使用,则需要在验证后强制刷新令牌(firebase.auth().currentUser.getToken(true)).您可以使用Firebase实时数据库在电子邮件验证上设置一些标志,并在现有会话中对其进行检测以强制用户重新加载.这将需要您构建自己的自定义电子邮件验证处理程序: https://firebase. google.com/docs/auth/custom-email-handler
The email verification occurs out of band and would not affect any existing firebase states until it is reloaded. If a user verifies their email, you have to call firebase.auth().currentUser.reload() to update the emailVerified property. If you are using firebase rules with emailVerified field, you need to force a token refresh (firebase.auth().currentUser.getToken(true)) after verification. You can use the Firebase realtime database to set some flag on email verification and detect it in the existing session to force a user to reload. This would require you build your own custom email verification handler: https://firebase.google.com/docs/auth/custom-email-handler
这篇关于Firebase电子邮件验证行为的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
