2

I am trying to set up email verification on an existing project. I stumbled into two different documentation that uses two different methods for this but still follows the same flow

  1. sendEmailVerification
  2. sendSignInLinkToEmail

The only difference that I saw was that we have to specifically create the ActionCodeSettings object when using sendSignInLinkToEmail so as to specify that it is being used for verification whereas this is not needed when using sendEmailVerification.

I am assuming, the main difference in the explanation of the docs was that one was used in authenticating the user, and the other was used to verify the user. Although this security StackExchange post helped me understand the difference a little bit, I still am confused about how it differentiates in the context of the user's sign in experience

nsrCodes
  • 625
  • 10
  • 25

1 Answers1

4

One is for authentication, the other is to validate the email.

sendEmailVerification is a one-time event to verify that the user's email address is valid. It sets the emailVerified value in the User object. Once the email is verified you wouldn't call it again. This is used during the registration process.

sendSignInLinkToEmail is an authentication method that allows a user to log in by clicking a link that's sent to them by email instead of entering an email/password or logging in through a federated account. If this is the user's preferred authentication method, you would call this every time the user wants to log in.

Brian Burton
  • 3,648
  • 16
  • 29
  • 1
    does `sendEmailVerification` set the `emailVerified` field to true on it's own or do we have to handle the request at the action URL? – nsrCodes Feb 08 '21 at 13:32
  • 1
    Firebase handles it for you automagically. [Here's a Firebase blog post](https://firebase.googleblog.com/2017/02/email-verification-in-firebase-auth.html) that goes into better detail than the docs. – Brian Burton Feb 08 '21 at 13:51
  • I have referred that article before but could not find any references online to implement email verification on a webapp – nsrCodes Feb 08 '21 at 14:28
  • 1
    That article has code examples that can be easily transposed to any other language. 1. Authenticate the user 2. If the User object's emailVerified value is false, call the sendEmailVerification() function. 3. Firebase handles the rest. – Brian Burton Feb 09 '21 at 07:48
  • Do you know a way to apply verification email in this case: https://stackoverflow.com/questions/66114853/sending-verification-email-to-existing-users – nsrCodes Feb 09 '21 at 08:00
  • 1
    Yeah just answered it with an example – Brian Burton Feb 09 '21 at 09:15