Custom Token Generation for Email Confirmation (Mandrill)

[Sandro Akira]

Hi,

We have an demand to create an confirmation email for new subscribers.

As far as I could see Firebase does not have any ready to use mechanism for this.

Anybody has implemented something similar?

My first though was to create an firebase custom token for the user with 24h expiration date 

and confirm it through our Backend Service and Mandrill.

The point is after a couple of tests the creation of new tokens just stopped working (Invalid Token) and I would like to know if we have a limit through the day.

Naturally as it is still under development a couple of tokens were generated for the same user, but we don't want to take the risk of

blocking our users when the service comes online.

Any thoughts or recommendations about this issue?

Thank you!

Best Regards,

Sandro Akira

[Jacob Wenger]

Hey Sandro,

You are correct that there is no confirmation / verification email sent when a new user signs up using Firebase Auth's email / password provider. Do you just want to send a confirmation email or do you want to actually validate that a user has the email they say they do? The latter is harder than the former. The former can be done simply by sending a request to some backend (say a Node.js backend) with an unauthenticated request which tells the backend to email the provided user. The latter involves minting your own tokens which specify whether or not a user's email is validated.

"The point is after a couple of tests the creation of new tokens just stopped working"

Can you explain what you mean here? What started throwing errors? If this was a rate limiting issue, you would have gotten an error specifying as much.

Cheers,
Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/ab25916c-3dcd-4b91-86d7-78f1da175355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dennis Smolek]

We use tokens and "invites" as well for new users. What we did is have a heroku middleman do the actual new user request and sets the users password to a random string. 

It then sends out to mandrill with the temp password in a URL. 

We use security rules to block users with a "temp" status

When the user clicks the link it goes to a page that automatically logs in but only allows them to "set" their password, which resets it as well as removes the "temp" status

hope that helps.