0

is there any way how can IAP proxy check whether is user email address verified? Currently anyone can get IAP token with correct credentials (using GCP Identity Platform). We have heavy traffic to our backends from users without email verification. I can't see any settings for IAP or Identity platform how to activate user after that verification.

Of course there is an option to check verified email on frontend and backend, but it will be much better to handle this by IAP.

We are using this SDK https://firebase.google.com/docs/auth/web/password-auth

Thanks a lot for any help or ideas Lukas

Lukáš Prudil
  • 33
  • 5
  • What do you mean by "verified" though? All requests are verified when they go through IAP, if I'm not mistaken – fabc May 18 '21 at 08:42
  • If you are getting an IAP token with correct credentials it means that the user is already verified. What are the operations that the unauthenticated users are doing? Are they verified using another method (username,...)? If you only want to autheticate users by email you should only enable this option in Identity Platform (Firebase Auth) – BittorH May 26 '21 at 07:53
  • Did you solve your issue? Did the previous comments help you? – Javier A May 31 '21 at 10:10
  • @JavierA yes we solved that by Cloud function trigger before Sign In https://cloud.google.com/identity-platform/docs/blocking-functions#requiring_email_verification_on_registration – Lukáš Prudil Jun 01 '21 at 12:32

0 Answers0