In a scenario where a new Firebase user is created without a password, could the user sign in using just their email address (passing a null/empty string as the password)? Or does Firebase reject all attempts to authenticate with email + password when no password is specified in the user auth object?
The Firebase Admin SDK docs are clear that password
is an optional property for createUser()
, but the Password Authentication docs don't appear to specify Firebase's behavior when the user was created without a password. It would also be interesting whether an email link authentication (only) strategy can be enforced by leaving and/or setting a user's password as undefined
, but this also doesn't appear to be explicitly called out in the docs.
Presumably Firebase rejects the email/password auth attempts, creating a de facto requirement for email link authentication (supported anecdotally), but any suggested links to Google authored docs would be greatly appreciated!