I'm trying to check if a user has already used their email to sign up to an app I am developing. I am using firebase 13.0.2. The auth.fetchSignInMethodsForEmail is deprecated? Is there any other alternatives for checking if an email has already been used?
The fetchSignInMethodsForEmail
was deprecated as it allows malicious users to perform an email enumeration attack on your project, and those have unfortunately become quite common. There is no workaround, as those too would be susceptible to the same type of attack.
For now, you can disable Firebase's email enumeration protection to ensure the fetchSignInMethodsForEmail
method works. If that method disappears in the future though, there is no alternative API.
If you want to continue using a similar flow, you could store the same information in a database and create your own API on that. But keep in mind that this would once again expose your project and users to the risk of an email enumeration attack.
Also see: