Firebase Password Reset from Gmail
Firebase authentication has a useful email/password login option and it’s default behavior includes easy ways to trigger password resets. One annoyance though is that the invoking the password reset will be sent from noreply@(project-id).firebaseapp.com email address. This can easily end up in a customer’s spam folder or blocked by email filters.
Firebase offers two ways to fix this; one by setting up a custom domain and one by integrating with any SMTP server. We’ll focus on the second one for today and specifically hooking it up to Gmail account.
The steps are pretty simple:
- Toggle enable on
- Enter each of the fields (see above for the correct values for Gmail)
- Hit save
Some parts to pay closer attention to:
- The username should include the full email address with the @host.com extension
- The SMTP security mode should be set to STARTTLS and not SSL for Gmail
- If this is a GSuite (now called Google Workplaces) account, you’ll have to do a few extra steps
- in the Google Admin console, go to Security and ‘Less Secure Apps’, then click the option to ‘Allow users to manage their access to less secure apps’ (see below)
- in Gmail, click on your profile to ‘Manage your Google Account’, then head to Security and enable 2-factor authentication
- in Gmail, in the same Security tab, there’s also a section for ‘App Passwords’, it’s a good practice to avoid sharing the account password with Firebase, so create a custom one
If you test now by triggering a password reset for a user on the Firebase authentication tab, you should get a password reset email from that Gmail account! Unfortunately if it doesn’t arrive, then there’s no easy way I’ve found to debug; so carefully check each step.
Bonus Section!
Notice how the email at the top is a noreply@(custom domain) but the email I use as a user is somebodyelse@(custom domain)? Here, we’re using a Google Groups email address and sending emails from our Gmail account under an alias.
To set up the Google Group:
- Create your Google Group
- For a no-reply group, I ensured that group members do NOT receive any inbound messages
- Under ‘Group Settings’, in the ‘Posting policies’ section, ensure that ‘Who can post as group’ is enabled
To enable the Gmail account to post on behalf of the group, we’ll just need a few more steps:
- Back in your Gmail account, click the settings button in the upper right, then click ‘See All Settings’
- Head to the ‘Accounts’ tab and see the ‘Send mail as’ section, then ‘Add another email address’
- Go back to the Google Group page and verify that this user should have permission to post
If all goes well, password reset requests will now trigger an email sent from a lovely noreply@host address.
Hooray!
Comment: