Replies: 10 comments
-
Is there a reason why you're not using https://firebase-php.readthedocs.io/en/5.9.0/user-management.html#email-verification ? 😅 |
Beta Was this translation helpful? Give feedback.
-
I would like to implement my own email verification system instead of using the default Firebase one. I'm creating a custom Action URL (see https://support.google.com/firebase/answer/7000714) that points to my website and would like to verify using the |
Beta Was this translation helpful? Give feedback.
-
Oh! I think I just misunderstood, now I do. I believe the feature to confirm the verification of an email is not yet implemented, but I think it should be not too difficult to implement, I will try to do that this weekend - but this, of course, doesn't help with the wish to create a custom solution.
This Admin SDK works with service-account credentials, not with API keys (just like the official Admin SDKs 😅). The |
Beta Was this translation helpful? Give feedback.
-
Not sure what you mean by custom solution here, but having the email verification capability through the Auth API client would be sufficient. The main goal is to direct the user to my website and verify with Firebase server-side rather than sending the user to a generic Google page. Will keep an eye out for your commit this weekend. Thanks! |
Beta Was this translation helpful? Give feedback.
-
I was referring to "I've tried implementing my own solution", but I most likely just misunderstood, but just to be sure: you don't have the requirement to have an API key for authenticating the requests to the Firebase APIs, right? 🤞 |
Beta Was this translation helpful? Give feedback.
-
Ah, what I was referring to when I said "I've tried implementing my own solution" was to make the changes to the library myself. However that is when I ran into issues with the I don't have a requirement for using the API key, if there is a different way of doing it then that is perfectly fine with me. I just referring to the API key because that was used in the Firebase docs that I linked. |
Beta Was this translation helpful? Give feedback.
-
Short status update: I got it working with the SDK, but the UID is required by Firebase along with the OOB code, otherwise the request is not accepted. However, this request doesn't seem to have any effect on the user record - if I re-fetch the user in question, the attribute I've pushed this to the verify_email branch as 0629359 if you want to explore this further. At the moment I don't see much sense in implementing that method - yes, the Firebase Auth REST API exposes this endpoint, but what would be the benefit 😅. But perhaps I just don't understand it correctly, in that case, I'd be glad if you could explain it to me further - perhaps the method does work as intended and I just don't realize it :). |
Beta Was this translation helpful? Give feedback.
-
That should not be the case, according to the rest API docs and my own testing using Postman. As you can see only the I have not yet personally verified whether calling this endpoint does indeed set |
Beta Was this translation helpful? Give feedback.
-
Thank you for your feedback! I'll test this with the API key instead of the service account credentials as well - if this works, I'll probably have to create a support ticket with Google/Firebase, because it then should work with the Service Account as well (they're admin credentials after all) 🤔 |
Beta Was this translation helpful? Give feedback.
-
I encountered the same problem, and following the description in the rest API docs (thanks @chyt for linking it!) I managed to find a quite simple solution using only $httpClient = new GuzzleHttp\Client();
$url = 'https://identitytoolkit.googleapis.com/v1/accounts:update?key=' . $_GET['apiKey'];
$response = $httpClient->request('POST', $url, [
'json' => ['oobCode' => $_GET['oobCode']]
]);
$data = json_decode((string) $response->getBody(), true);
print_r($data); I can confirm that calling this endpoint sets A more elaborate version containing error handling: use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\RequestException;
if (!isset($_GET['mode']) || !isset($_GET['apiKey']) || !isset($_GET['oobCode']))
throw new \Exception('Missing query parameter');
if ($_GET['mode'] === 'verifyEmail' || $_GET['mode'] === 'verifyAndChangeEmail') {
try {
$httpClient = new Client();
$url = 'https://identitytoolkit.googleapis.com/v1/accounts:update?key=' . $_GET['apiKey'];
$response = $httpClient->request('POST', $url, [
'json' => ['oobCode' => $_GET['oobCode']]
]);
$data = json_decode((string) $response->getBody(), true);
print_r($data);
} catch(ClientException $e) {
$response = $e->getResponse();
$error = json_decode((string)$response->getBody(), true)['error'] ?? false;
if (!$error)
throw new \Exception('Something went wrong');
$code = $error['code'] ?? null;
$message = $error['message'] ?? '';
$error_map = [
'EXPIRED_OOB_CODE' => 'The action code has expired',
'INVALID_OOB_CODE' => 'Action code is malformed, expired, or has already been used',
'USER_DISABLED' => 'The user account has been disabled by an administrator',
'EMAIL_NOT_FOUND' => 'There is no user record corresponding to this identifier'
];
if ($code === 400 && ($error_map[$message] ?? false))
throw new \Exception($error_map[$message]);
} catch(RequestException $e) {
throw new \Exception('Something went wrong');
}
} else {
/* ... */
} |
Beta Was this translation helpful? Give feedback.
-
Is your feature request related to a problem? Please describe.
I'd like to be able to perform email verification using this library: https://firebase.google.com/docs/reference/rest/auth#section-confirm-email-verification
Describe the solution you'd like
I've tried implementing my own solution by making changes to
Auth
andApiClient
based on the existing endpoints. Here is sample code:However, this results in a
MISSING_LOCAL_ID
error message. I have determined that this is tied to the API client configuration, specificallyFactory.php
line 619:I have not been able to find any documentation about what this does, but it breaks the email verification request.
Describe alternatives you've considered
I have been able to get it to work by creating my own separate client and passing in the
apiKey
andoobCode
as specified in the rest API docs. However I'd like to know what it would take to create a solution infirebase-php
.Beta Was this translation helpful? Give feedback.
All reactions