0

I need to change the forgot password link in firebase authentication template emails from a URL to a 6 digit verification code only.

The code will be generated on 'forgot password' and emailed to the user, once received the user would need to enter this verification code into the app... and after confirmation, he/she can change their password. How can I achieve this in firebase.

Ralemos
  • 5,571
  • 2
  • 9
  • 18
Kuldip Bhutoria
  • 86
  • 11
  • What have you tried so far? You can check this [community post](https://stackoverflow.com/questions/51325629/firebase-how-to-send-a-password-reset-email-backend-with-nodejs) on how to do it with node.js. – Ralemos Mar 11 '20 at 09:48
  • I have set up user authentication with email/password, the current implementation of reset password also works. However, I want to directly integrate the reset password with my IOS app, meaning a user clicks on the `Reset Password` button in the app and this sends an email to the user with a 6 digit verification code and when the user enters that code in the IOS application, he/she is authenticated to change the password in the app itself and not on the link generated by firebase itself. Is that possible and how. Please help! – Kuldip Bhutoria Mar 11 '20 at 10:25
  • It is possible and there is a firebase documentation for that, check the [Authenticate with Firebase on iOS using a Phone Number Documentation](https://firebase.google.com/docs/auth/ios/phone-auth) and let me know if this helps in any way, there is also one for android if needed. – Ralemos Mar 11 '20 at 14:10
  • I don't want to send the code to the user's mobile but to the user's email Id as a random code. I want to send a password reset email but without a link to set the password and a 6-digit code instead – Kuldip Bhutoria Mar 12 '20 at 04:47

1 Answers1

1

If you check the Customize account management emails and SMS messages documentation you can see that the oobCode is generate and added directly to the URL, and you cannot generate it otherwise.

On this community post a similar problem to yours is suggested and the proposed solution is to generate you own verification mechanism, although it is possible it represents a lot more work on your end than using the pre existing email with url configuration.

Ralemos
  • 5,571
  • 2
  • 9
  • 18
  • 1
    Thanks for your help. I thought of a similar solution to this and I am currently working on it. My solution is to use an https callable function that when the user calls would generate and store a 6 digit verification code in firestore and send that code via sendgrid email to the user. Then when the user uses that code in the app, he would send another request to another https callable function that would verify if the code is correct or not and change the password of the user if correct code matches using the admin SDK to update user's password. Lot of work, but this is what my app demands. – Kuldip Bhutoria Mar 12 '20 at 18:18
  • 1
    It is a lot of work indeed, it's a shame that your app does not fit into what firebase already provides, but anyway, glad I could help :) – Ralemos Mar 13 '20 at 10:10