I am making a system with Email Verification but i want to send the Registered email to a personal Email
(so he/she can only verify the user for security) address instead sending to the user. is there any way to do that in java android studio? i am using a firebase database.
I'm a little confused about what you mean when you say "the registered email to a personal email", but with FirebaseAuth, when a user is signed in with FirebaseAuth.signInWithEmailAndPassword(email, password), you should be able to take the FirebaseUser that it returns and call FirebaseUser.sendEmailVerification()
You can then use FirebaseUser.isEmailVerified() to check if the user has verified their email, and allow or deny certain functions in your app based on that.
Related
I am developing an app wherein the users use either email and phone to perform registration.
Users can enter their email or phone for log in, I want the same OTP to be sent to mobile and email simultaneously. Please Help!
If you want to work only with Firebase Authentication, then there is not any suitable solution that meets your requirement.
Some limitations you can find with Firebase are Firebase Authentication Limits and Phone number sign-in limits.
However the alternative solution is using third-party SMS gateway. through with you can send OTP to phone number as well as to email also simultaneously.
Lets assume you already have mechanism to generate OTP and verify OTP from android app.
Now the problem is how to send OTP to the user's email.
One of solution is using MailGun service to send email from your backend.
Also, if you want to templating your email, you can use library called handlebar
I am developing a web app which consists in parsing users emails and then applying some templates and other stuff.
After the user has logged in with his gmail and give me permissions to read the email, the app can read and parse emails just fine, the only problem is that I do not know when he recieved a new email.
People have suggested me to make a function that from time to time checks if theres a new email but my goal is to avoid that as much as possible.
Also, i've checked nodejs email listener but it requires user email and password which I do not have (I only have the token with the permissions to make requests in gmail api nothing more).
So to put it simply, how can the server know when user has recieved an email in his gmail inbox.
Thank you
When User Login send A E-mail
by using Nodemailer
for More Info https://nodemailer.com/about/
I just setup the basic JHipster application and set in the FB client ID and secret. However, when I try to login by not sharing the email - I see that it gets redirected to my app with a success. I can handle the no email exception on application.
Instead , I wanted FB to make sure that my email was a mandatory field. How do I do that?
You can't force Facebook to return an email address for a user. It may also be null on their end (if the user signed up with a phone number). You will have to handle it in your application. This is the same case with Twitter - they simply don't provide the user's email.
Note, even if you request the email permission it is not guaranteed you will get an email address. For example, if someone signed up for Facebook with a phone number instead of an email address, the email field may be empty.
https://developers.facebook.com/docs/facebook-login/permissions/
Like you mentioned, you need to handle it in your application. You could catch the fact the email is null and prompt the user to enter an email.
At my company, we are implementing some parts of DocuSign, and have run across a scenario we believe the REST API does not support.
There are times where user's in our system change email addresses. We want to push this change to DocuSign for the user, without the user ever requiring to log in to DocuSign and manually change their email address via the console. This, of course, changes the username the user authenticates with on the login page of DocuSign.
Is it possible, using the DocuSign REST API, to change a user's email address (which in effect changes their login name do DocuSign)?
The DocuSign system does not support changing the email address through the API (REST or SOAP). This is mainly due to security restrictions - unfortunately your users will need to manually go into the DocuSign Console and go to Preferences to change their email address.
One thing that might make this process a little smoother is to automatically open the Console for your users when they request to change their email address. You can open the Console in an embedded iFrame in your site or app and from there they can change their account info. You would just need the user's credentials (along with the integrator key of the integration) and you can open the console for them.
The third API Walkthrough - Embedded DocuSign Console - illustrates exactly how to do this in 6 different languages (PHP, Java, Javascript, Python, C#, and Objective-C). You just need to make the following call from your environment, with just your accountId in the body of the POST request:
Method
POST
URI
/accounts/{accountId}/views/console
BODY
{
"accountId": "XXXXXX"
}
I am currently developing a c# web application that allows users to login with a password. A feature that I need to include is a forgot password function.
What is the recommended process for forgot password?
I was considering this:
User clicks forgot password, enter email address
Email sent
Click on link in email (link only valid once and within time period)
Taken to the site and asked to enter new password (should they also give answer to security question?)
Password changed, email sent to user of such
User now can log in with new password
Your idea looks solid, but I would add some other considerations:
Be sure that the token you are generating in the email using is using a the .Net Framework crypto classes designed for randomization, not something that seems random but is not designed for that purpose.
Take no action on the account from the sending of the reset email (otherwise people will be able to lock other people's accounts if they know their email)
Add a rate limiter on how many resets per hour can be generated for a given email. Otherwise somebody could DOS a user by: (a) using x bad passwords to lock the account and then (b) generating reset emails for them faster than the email system can deliver.
Where possible defer to other systems such as OpenID. It's easy to get things wrong when you roll your own.
We have two ways to retrieve the forgot password:
1. Through registered email id
2. Through registered mobile number
Registered Email id:
a. Ask the user to provide the registered email id
b. The system checks the provided email id is available in the DB or not
c. If Email ID is there in the DB then system send the Email to reset the password but if Email id is not there in the DB then system show the alert messaged.
d. The user must provide strong password while resetting the forgot password.
e. Password reset successfully and is also change in the DB with respect to the Email ID.
Registered Mobile number:
The process is almost same as the email but in this case, OTP will be sent over the registered mobile number.
We need to integrate the 3rd part SDK for this or we can use the imessage in IOS.