This PR contains implementation for supporting enable email enumeration protection on firebase.
This change is part of security improvement where this change will stop from hackers to see if specific email is being used on fast-auth or not.
From this change, regardless of email registered or not, it will trigger verify email check. If someone uses a specific email without create account first, it will still send email with verification link, but after link is being clicked, it will return with error:
In terms of post merge, we need to land this PR to production prior to enabling the configuration on firebase console.
This PR contains implementation for supporting
enable email enumeration protection
on firebase.This change is part of security improvement where this change will stop from hackers to see if specific email is being used on fast-auth or not.
From this change, regardless of email registered or not, it will trigger verify email check. If someone uses a specific email without create account first, it will still send email with verification link, but after link is being clicked, it will return with error:
In terms of post merge, we need to land this PR to production prior to enabling the configuration on firebase console.