13

As said in the title, no matter how I try the Facebook login, the emailVerified field is always false. Is this by design? I've read through the whole firebase docs by now, can't seem to find any information regarding this. Just to be sure: I've tried with 4 different verified accounts, the result is always the same. Any idea what could cause this kind of behavior?

Andrew
  • 2,063
  • 3
  • 24
  • 40
  • where is the peice of code? Also have you created app on facebook developers? – Lalit Poptani Jul 15 '16 at 14:28
  • I'm really not sure what kind of code is needed here, the auth works just fine, everything else is fine, I get the display name, photo url, everything. It's just the `emailVerified` field that is always false. Obviously I have created a Facebook app. – Andrew Jul 15 '16 at 14:41

3 Answers3

12

the reason why Google provider emails are verified and Facebook emails are not is because Google is considered a trusted provider (You can create an email account using Google). Let's take another example. If you set up an email with yahoo, you will get an email myself@yahoo.com. If you sign in using yahoo OAuth 2.0, you know for sure that user is verified since Yahoo is the actual owner and issuer of that email address. However, you could also use that same email to create a facebook account or some other account like github or twitter and verify using your phone number or some other means. In that case, if you sign in using Facebook, the email is not verified (facebook does not own or manage that email address). Normally if you wish to verify the email in that case, you have to send the email verification (experimental at the moment and only available in web and iOS but should eventually come to android).

bojeil
  • 29,642
  • 4
  • 69
  • 76
  • 2
    In this is the case the docs should be clear about this. AFAIK Facebook **ONLY** returns the email if it has been verified, meaning the field should either be `true` if the email exists or false when the email does not exist. That's what I was expecting at least. – Andrew Jul 16 '16 at 10:53
  • I see this reason everywhere, but apparently this doesn't count when signing in using Apple Sign In. The emails returned by Apple Sign In is always considered verified in Firebase Auth. What is the reason for this behaviour, since Apple in most cases is not the owner or issuer of the email address as well. And as Andrew is mentioning, Facebook does not return the email address if the Facebook user was only verified using phone number. – dynamokaj Apr 12 '20 at 04:31
  • 1
    Is there a link to the firebase documentation that shows a matrix of which providers are default emailverified? – user1961 Jan 29 '22 at 21:35
  • found this discussion for anyone who finds this in the future re: facebook's emails are not verified https://github.com/firebase/firebase-js-sdk/issues/340 – user1961 Jan 29 '22 at 21:40
7

The solution I provide would probably be useless to the OP since it was asked last year but hope it helps someone else. While I agree with bojeil's answer, it's somewhat annoying for real users to verify their Facebook email address when signing in with Facebook.

I encountered this problem on Android today and applied a work around since isEmailVerified() If condition always threw false and returned the user back to login page, here's the work around extracted from my code:

FirebaseUser  mUser = mAuth.getCurrentUser();


        if(!mUser.getProviders().get(0).equals("facebook.com")) {

            if (mUser.isEmailVerified()) {

                Intent mainIntent = new Intent(getActivity(), MainActivity.class);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
                startActivity(mainIntent);


            } else {

                Snackbar.make(getView().findViewById(R.id.loginLayout), "Please verify your account!", Snackbar.LENGTH_LONG).show();

            }

        }else{

            Intent mainIntent = new Intent(getActivity(), MainActivity.class);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            mainIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
            startActivity(mainIntent);

        }

The first If statement checks if the user is signing in with Facebook,if yes the user is taken to the MainActivity, if not the isEmailVerified() method is invoked normally for email/password users and for Google sign in usersisEmailVerified()always returns true.

RamithDR
  • 2,103
  • 2
  • 25
  • 34
1

Firebase provides a process for "verifying" an email address -- but NOT for all platforms yet. This feature is not available for Android ... in fact, one cannot even query whether an eMail has been verified using Android code (even if you used a web or server code to perform the verification).

The "expected" process would normally be:

  1. Authenticate a user's email (using any of the providers)
  2. Call the Firebase function to send an eMail for verification
  3. Respond to a verification link by setting verified Check, using client, to see if the eMail has been verified (could be days for the user to handle)
  4. Until eMail is verified, disallow appropriate
    functions in your code (e.g. linking different authenticated
    providers)

If you use an Android client currently, you cannot instigatge step 2.

ErstwhileIII
  • 4,829
  • 2
  • 23
  • 37
  • 3
    I'm using the web sdk, not android. I know about the email verification process and it's working well, but I don't want the users to verify their email addresses when in fact it's been already verified by Facebook. If I test the auth with Google the `emailVerified` field is `true`, so it's definitely working there. I would like to know why it is not working with Facebook. – Andrew Jul 15 '16 at 15:50
  • because the email I used for signing up in Facebook is not owned by them . Its not the case with google @andrew – Jeesson_7 May 20 '21 at 10:08