I am using Firebase Authentication in my Android app. Google is asking me for a URL where users can delete their account. Before I create a page and host it myself, I was wondering if Firebase offers that functionality? I was not able to find anything on the Firebase README.
2 Answers
When using the client-side SDKs for Firebase Authentication, you can only delete the user account that is currently signed in. Anything else would be a huge security risk, as it would allow users of your app to delete each other’s account.
The Admin SDKs for Firebase Authentication are designed to be used in a trusted environment, such as your development machine, a server that you control, or Cloud Functions. Because they run in a trusted environment, they can perform certain operations that the client-side SDKs can’t perform, such as deleting user accounts by simply knowing their UID.
Also see:
delete firebase authenticated user from web application
There is no predefined page that you can show to the user to delete their account. If you need such a page, you’ll have to create it yourself based on the API to delete a user.
This API does require that the user needs to be signed in to their account, as otherwise there is no way to prevent abuse. If that is a hurdle for your use-case, you could consider making a custom backend end-point where you use the Admin SDK to delete a user. If you do this, make sure that you ensure the action is properly authorized by the user in some way that fits your requirements.
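The custom backend endpoint suggested above could authorize the deletion as in the following sketch, which is an added example and not code from either answer or from Firebase. It assumes `auth` is the Admin SDK Auth service (`verifyIdToken` and `deleteUser` are its real methods); `deleteOwnAccount`, `makeFakeAuth` and the five-minute recent-sign-in policy are hypothetical.

```javascript
// Added example: authorization logic for a hypothetical account-deletion endpoint.
// `auth` is the Admin SDK Auth service, e.g. require('firebase-admin').auth()
// after initializeApp(); only verifyIdToken() and deleteUser() are used.
const MAX_AUTH_AGE_SECONDS = 5 * 60; // assumed policy: sign-in must be recent

async function deleteOwnAccount(auth, authorizationHeader, nowMs = Date.now()) {
  // Expect "Authorization: Bearer <Firebase ID token>" from the signed-in client.
  const match = /^Bearer ([^\s]+)$/.exec(authorizationHeader || '');
  if (!match) return { status: 401, error: 'missing bearer token' };

  let decoded;
  try {
    // checkRevoked=true also rejects tokens whose sessions were revoked.
    decoded = await auth.verifyIdToken(match[1], true);
  } catch (err) {
    return { status: 401, error: 'invalid or revoked token' };
  }

  // auth_time is the time of the last interactive sign-in, in seconds.
  // A missing auth_time yields NaN and is rejected by the check below.
  const ageSeconds = Math.floor(nowMs / 1000) - decoded.auth_time;
  if (!(ageSeconds >= 0 && ageSeconds <= MAX_AUTH_AGE_SECONDS)) {
    return { status: 403, error: 'recent sign-in required' };
  }

  // The UID comes from the verified token only, never from the request body
  // or query string, so a caller cannot name someone else's account.
  await auth.deleteUser(decoded.uid);
  return { status: 200, deleted: decoded.uid };
}

// Constructed stand-in for the Admin SDK so the logic runs offline.
// `tokens` is a Map from token string to the decoded claims it represents.
function makeFakeAuth(tokens) {
  const deleted = [];
  return {
    deleted,
    async verifyIdToken(token) {
      if (!tokens.has(token)) throw new Error('bad token');
      return tokens.get(token);
    },
    async deleteUser(uid) { deleted.push(uid); },
  };
}
```

In a real deployment the function would be called from the HTTP handler with the request's `Authorization` header, and the web page would obtain the ID token by signing the user in with the client SDK.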