functions-samples icon indicating copy to clipboard operation
functions-samples copied to clipboard
verified publisher icon firebase

Bugfix : Ensure emailVerified is not set to true in Spotify Auth sample

Open KrrishSR4 opened this issue 3 months ago • 0 comments

Problem

In the Spotify Auth sample, customToken.emailVerified was incorrectly set to true by default. However, Spotify API does not verify user emails. This creates a potential security vulnerability.

Solution

  • Updated functions/index.js to ensure emailVerified is either unset or explicitly set to false.
  • Tested the flow to confirm that emailVerified is not marked as true.

Reference

Fixes #1154

KrrishSR4 avatar Sep 14 '25 08:09 KrrishSR4