When selecting email enumeration protection it is said that we should not be using updateEmail()
and instead use verifyBeforeUpdateEmail()
:
Firebase Doc Reference
Here is some more information about it:
Email Enumeration Docs
As said in the above document:
Users cannot change their email address without first verifying the new address. For example, you can no longer change a user's email address with the update REST API, the setAccountInfo REST API, or the updateEmail client SDK method on all platforms.
You can use verifyBeforeUpdateEmail for Web and Android or sendEmailVerification(beforeUpdatingEmail:) for iOS instead.
This is a part of the same documentation for the deprecation of fetchsigninmethodsforemail()
so it has been considered for other methods.
While we can use the JS SDK for this it is not available for the Android and iOS implementations of this plugin as far as I can tell.****
Add the ability to use verifyBeforeUpdateEmail()
and sendEmailVerification(beforeUpdatingEmail:)
depending on the environment, or have one method that will do it as it differs with iOS under-the-hood.
I think I can only easily achieve this on web by using JS SDK as noted in some other workarounds.
If there is a way I can achieve this without adding this method to this plugin I would love to hear how.
When attempting to use the fetchsigninmethodsforemail()
method I Noticed it was deprecated and followed the links to find out I should also not be using updateEmail()
if I want to turn off email enumeration protection (which imo should be turned on)
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
You're funding impactful open source efforts
You want to contribute to this effort
You want to get funding like this too