Is login needed after user email verification on Firebase?

3
votes

I handle user email verification as in the docs. When user verifies email by clicking the link does he also need to login also? Because after this process when I check it with "firebase.auth().currentUser" on console it returns null. I would expect it would auto login after clicking the verification link.

function handleVerifyEmail(auth, actionCode, continueUrl) {
  // Try to apply the email verification code.
  auth.applyActionCode(actionCode).then(function(resp) {
    // Email address has been verified.

    // TODO: Display a confirmation message to the user.
    // You could also provide the user with a link back to the app.

    // TODO: If a continue URL is available, display a button which on
    // click redirects the user back to the app via continueUrl with
    // additional state determined from that URL's parameters.
  }).catch(function(error) {
    // 
  });
}
1
firebasefirebase-authentication

1 Answers

2
votes

Email verification does not auto-login. It just verifies the user's email. You have 2 situations here:

  1. User opens the link on the same device and it is opened in the same browser where the user initially logged in and sent the email verification, but in a different app. The continue URL takes the user back to a page of the same domain as the page where they initially logged in. In that case the user would be logged in.
  2. The user opens the link on a different device or browser. In that case, the user is not logged in. You have to login the user again after they click the continue URL and are redirected to it.

As the email verification may happen on a different domain or the email could have been triggered from a mobile app, logging in the user on the action callback page after verification may be a bad idea and could leave a dangling auth state.