I'll keep it short. For my application, e-mail verification is absolutely essential. A user should not be able to access the application in any way without having clicked the Firestore link in their inbox.
This is what happens at the moment, however:
I made an account with '[email protected]'. Note: I have not verified the account (I don't even own the [email protected] e-mail).
If I try to log in on the login screen, a popup is shown saying that the e-mail is not verified yet. However, by simply changing the URL to ../home (or any other URL for that matter), verification is bypassed.
This is my action flow on the login page:
This is my action flow on EVERY page that requires authentication:
I honestly don't see what's going wrong here. Does anyone know how to make sure that a visitor has absolutely no way to access the app without e-mail verification?
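
The bypass described above is what results when the verification check lives only in the login screen's flow and not in whatever decides access to each route. As an added example (not the poster's flow or any platform's own code), here is a default-deny decision function; the route names and the `decideAccess` helper are hypothetical, and `claims` is assumed to be an ID token payload the server has already verified, carrying the standard OIDC `email_verified` claim.

```javascript
// Added example: one default-deny access decision, run on every navigation
// and, more importantly, on every backend request.
// Assumptions: route names are hypothetical; `claims` is the payload of an
// ID token whose signature the server has already verified.
const PUBLIC_PATHS = new Set(["/login", "/signup", "/verify-email"]);

// Resolve "..", repeated slashes, trailing slashes and case before lookup,
// so variants of a public route match and everything else falls through
// to the checks below.
function normalizePath(rawPath) {
  const { pathname } = new URL(rawPath, "https://app.invalid/");
  const path = pathname.replace(/\/{2,}/g, "/").replace(/\/+$/, "").toLowerCase();
  return path === "" ? "/" : path;
}

function decideAccess(claims, rawPath) {
  const path = normalizePath(rawPath);
  if (PUBLIC_PATHS.has(path)) return { allow: true, redirect: null };
  // Everything not explicitly public requires a signed-in user...
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    return { allow: false, redirect: "/login" };
  }
  // ...whose e-mail is verified. Strict comparison: a missing claim or the
  // string "true" counts as unverified.
  if (claims.email_verified !== true) {
    return { allow: false, redirect: "/verify-email" };
  }
  return { allow: true, redirect: null };
}

// Constructed sample claims (not real accounts).
const unverified = { sub: "uid-123", email: "user@example.test", email_verified: false };
const verified = { ...unverified, email_verified: true };

console.log(decideAccess(unverified, "../home"));
console.log(decideAccess(verified, "/home"));
console.log(decideAccess(null, "/Login/"));
```

A guard like this in the client only controls which screen is shown; the same decision has to gate the backend or database rules, because the client can be modified or skipped entirely.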