14

The docs from Firebase suggest that the API offers the same features as the console:

It is not always convenient to have to visit the Firebase console in order to manage your Firebase users. The admin user management API provides programmatic access to those same users. It even allows you to do things the Firebase console cannot, such as retrieving a user's full data and changing a user's password, email address or phone number.

But the reference docs don't list a function to reset a user's password. Am I missing something?

Oliver Lloyd
  • 4,936
  • 7
  • 33
  • 55

2 Answers2

37

EDIT: This answer is now out of date, see Andrea's answer below for how to send a password reset link through the Firebase SDK.

It depends on which definition of 'reset' you're using.

If you mean reset as in 'change', then yes - the updateUser function allows you to provide a new password. See the following example from the docs:

admin.auth().updateUser(uid, {
  email: "modifiedUser@example.com",
  phoneNumber: "+11234567890",
  emailVerified: true,
  password: "newPassword",
  displayName: "Jane Doe",
  photoURL: "http://www.example.com/12345678/photo.png",
  disabled: true
})
  .then(function(userRecord) {
    // See the UserRecord reference doc for the contents of userRecord.
    console.log("Successfully updated user", userRecord.toJSON());
  })
  .catch(function(error) {
    console.log("Error updating user:", error);
  });

If, on the other hand, you mean reset as in 'send a password reset email', then no, there doesn't seem to be a simple way of doing so via the Admin SDK.

Joe Clay
  • 33,401
  • 4
  • 85
  • 85
  • I'm surprised that option - to edit the password in plain text - is even there. Doesn't seem like a credible reset scenario to me which is why I thought I'd missed something but I guess not. – Oliver Lloyd Sep 25 '17 at 13:55
  • @OliverLloyd: Yeah, seems like a weird omission. – Joe Clay Sep 25 '17 at 15:13
  • 1
    @OliverLloyd: Follow-up - the answer to [this question](https://stackoverflow.com/questions/41882626/firebase-admin-sdk-create-user-and-send-verification-email) could probably be adapted to your needs, as the standard client API allows you to send a password reset email. – Joe Clay Sep 26 '17 at 08:50
  • @JoeClay so i would assume it would be up to us, and good practice, to encrypt/hashWithSalt the password prior to storing it in this case? I am using phone auth to sign in my users and then prompting them to create a password as an extra level of security after a successful phone verification. – DevMike Aug 27 '19 at 23:49
  • I think that would lead to it being double-hashed on the Firebase server, which would prevent people from logging in. Not sure though! – Joe Clay Aug 28 '19 at 08:14
  • is it possible can we change other user email and password in android native app – pankaj sharma Sep 27 '21 at 10:58
8

Yes, you can. To generate a password reset link, you provide the existing user's email. Then you can use any email service you like to send the actual email. Link to documentation.

// Admin SDK API to generate the password reset link.
const userEmail = 'user@example.com';
admin.auth().generatePasswordResetLink(userEmail, actionCodeSettings)
  .then((link) => {
    // Construct password reset email template, embed the link and send
    // using custom SMTP server.
    return sendCustomPasswordResetEmail(email, displayName, link);
  })
.catch((error) => {
  // Some error occurred.
});
Andrea
  • 553
  • 9
  • 12