How to update a user's email now that `updateEmail(to: email)` is deprecated

[yqiang]

Description

We just upgraded our Firebase SDK to the latest version and are receiving a warning that the method updateEmail(to: email) has been deprecated. The warning suggests that we use sendEmailVerification(beforeUpdatingEmail email: String) instead. For our user case however, we don't want to send a verification email, but we just want to set the users email manually.

It looks like the relevant pull request is this one: Email enumeration protection related error and doc updates #12081

What is the recommended way to do this now that the above method has been deprecated?

Reproducing the issue

1. Install Firebase SDK for iOS
2. Call the updateEmail(to: email) method.
3. See warning in Xcode

Firebase SDK Version

10.19.0

Xcode Version

15.0

Installation Method

Swift Package Manager

Firebase Product(s)

Authentication

Targeted Platforms

iOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

Expand Package.resolved snippet

Replace this line with the contents of your Package.resolved.

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

Replace this line with the contents of your Podfile.lock!

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[rizafran]

Hi @yqiang, upon checking the docs, you need to use the verifyBeforeUpdateEmail as your users can no longer update their email with the updateEmail() method when the enumeration protection feature is enabled. If you want your users to update their email without verification, you may disable the enumeration protection feature, but note that it is not recommended in the long term.

[yqiang]

@rizafran Hi - thanks for the quick reply. In my particular use case, I'm using Sign in With Apple and passing the email I get from that to the updateEmail() method. Since the email is coming from someones Apple account, it is already verified. What's the recommended way to pass the email to Firebase now?

[Xiaoshouzi-gh]

Hi @yqiang can you describe and explain your workflow / code logic so we can better help you? Do you create an account randomly with email password, then signInWithApple and then updateEmail?

[yqiang]

@Xiaoshouzi-gh Sure. Here's the workflow:

• User signs up for my app using Sign in with Apple, and I request email as part of the permissions
• Given the Sign in with Apple tokens, I call my own backend and generate a custom Firebase token using the python firebase-admin sdk
• I call Auth.auth().signIn(withCustomToken: token) on the client
• I call updateEmail(to: email) on the client. The email is what I received when signing in with Apple

[yqiang]

Hi - I was wondering if there's an update on this issue?

[Xiaoshouzi-gh]

Hi @yqiang, another option is to utilize firebase blocking function to update the user record with emailVerified = true during signIn and account creation phase. See this example here

[google-oss-bot]

Hey @yqiang. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

[google-oss-bot]

Since there haven't been any recent updates here, I am going to close this issue.

@yqiang if you're still experiencing this problem and want to continue the discussion just leave a comment here and we are happy to re-open this.

[arda-copur]

It is very interesting to remove such a needed feature. Is this complexity really needed? I can update the user's password, but I still haven't found an equivalent for email.