I've been facing a weird behaviour while implementing the email verification through Firebase. After creating an account through an Android app, I send an email verification for the user.
The email is being sent properly but it gets verified automatically even before clicking on the link (as in firebaseAuth.currentUser.isEmailVerified
will return true after that). If the user presses on the link afterwards, it will say:
Your request to verify your email has expired or the link has already been used
This only happens with custom domains though. For example if the user uses a gmail account, everything goes normally.
Some more info
The credentials responsible for the email verification is restricted for HTTP referrers with https://{APP-ID}.firebaseapp.com
for the APIs
Firebase Dynamic Links API
and Identity Toolkit API
Any ideas on what might be happening?