4

I've got a problem with registration in Flutter. As far as I see, firebase sign in user automatically after registration. I want to prevent this action, because in my app every user must be confirmed.

I saw the solution for this case in other topic but IMO, calling signout after registration isn't good idea because we need to do additional step. Is there any possibility to remove sign in after registration in prettier way?

Thanks!

Fifis
  • 220
  • 4
  • 10
  • I wrote a quick answer, but have a feeling we can probably help you better if we know **why** you don't want the user auto-signed in. See [what is a XY problem?](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) – Frank van Puffelen May 09 '20 at 13:38
  • Frank, reason why I what that is in description. I just want to don't let unconfirmed users to sign in – Fifis May 09 '20 at 13:46
  • OK, that word "unconfirmed" is getting us one step closer. Are you talking about only wanting them to be able to use the app after they verified their email address? In Firebase, authentication (them proving their credentials) and authorization (them being allowed to do certain things) are completely separate steps. – Frank van Puffelen May 09 '20 at 13:50
  • Yup, unconfirmed user shouldn't have possibility to use application – Fifis May 09 '20 at 13:51
  • I added more information for that to my answer. – Frank van Puffelen May 09 '20 at 13:58

1 Answers1

5

Creating an account from the client-side Firebase Authentication SDKs automatically signs that user in. There is no way to prevent this.

Also see:

If you want to prevent a user from using the application until they've confirmed their email address, that is an authorization question.

The approach here is two-step:

  1. In your application code you check if they've verified their email address, and only redirect them to the main screen if they have.
  2. In any server-side code you decode the ID token, and check if the email address is verified.

Also see:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • so the only solution is to use Admin SDK? – Fifis May 09 '20 at 13:38
  • 1
    If your goal is to allow someone to create accounts for other users, that is indeed an administrative use-case and the Admin SDK is the solution for that. Alternatively you can use the hacky-but-functioning *workaround* suggested here: https://stackoverflow.com/questions/37517208/firebase-kicks-out-current-user – Frank van Puffelen May 09 '20 at 13:45