9

Firebase allows only one language for confirmations emails. Whole nicely done products are useless for multi-language apps. I want to make my own confirmation system. The only question is how can I get this oobCode which is generated inside firebase. site.com?mode=&oobCode=

Thank you.

saintPeter
  • 203
  • 4
  • 14

2 Answers2

15

There is currently no way to generate a valid oobCode value through the Firebase Authentication API. It can only be sent in the (as you've said "non-translatable") email message.

But you can build your own email verification mechanism if you want, using your own confirmation code to verify email ownership. You'd:

  1. Generate a random, unguessable code on a server
  2. Send it to the user's email address and then
  3. When the user clicks the confirmation link, have your own end point on the same server that you call back to
  4. At this point you can use the Firebase Admin SDK to set the emailVerified property to true.

For an example of the last step, see: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user

Thanks to @Nikhil in the comments: Alternatively you can roll your own verification altogether and use the Admin SDK to set emailVerified to true. See the Firebase documentation for an example of that.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • 1
    so we cannot use updateUser admin method if we do sendVerificationEmail() method on client? The updateUser method needs the uid and currently there is no way to send uid of the user in the email template correct? – Nikhil Feb 22 '17 at 23:44
  • Uhm... yes, good point. I forgot that the Admin SDK now updating user profiles. Alternatively you can indeed roll your own verification altogether and simply use the Admin SDK to set `emailVerified` to true. See the [Firebase documentation](https://firebase.google.com/docs/auth/admin/manage-users#update_a_user) for an example of that. – Frank van Puffelen Feb 23 '17 at 01:04
  • thank you! Silly question - The getUser() or updateUser() updates UserRecord object, I would still need to update the fields in the database for the user at my /users/uid location. Correct? – Nikhil Feb 23 '17 at 01:31
  • There is no implicit connection between a user node in the database and the user's record in Firebase authentication. Any such connection is made by your code, so much also be maintained (updated in this case) by your code. – Frank van Puffelen Feb 23 '17 at 04:29
  • 3
    This solution does not work in its entirety today. If you set up your own verification system, you won't be able to update the user's password in the event that they require a password reset. You have to use the Firebase SDK to update the password using their `oobCode` which means you have to let the Admin SDK generate the links. You can do that by spinning up a Firebase Function, use Admin SDK to generate these link, then use an email provider like SendGrid to send the email. This will also save you a lot of time. https://firebase.google.com/docs/auth/admin/email-action-links – Kevin Aung Sep 10 '20 at 16:47
0

For NodeJS, here is how you generate an oob code similar to Firebase.

import crypto from "crypto";

function generateCode() {
  // 54 length base64 string
  let code = crypto.randomBytes(40).toString("base64");
  // remove padding
  code = code.replace(/=+$/, "");
  return code.replace(/\+/g, "-").replace(/\//g, "_");
}
Máté Homolya
  • 548
  • 6
  • 10