# How to Implement Email Verification in FlutterFlow User Registration

- Tool: FlutterFlow
- Difficulty: Beginner
- Time required: 20-30 min
- Compatibility: FlutterFlow Free+ (Firebase Auth required)
- Last updated: March 2026

## TL;DR

Firebase Auth has built-in email verification that FlutterFlow exposes directly. After sign-up, use the Send Email Verification action to send the verification email. Gate app access using a Conditional action that checks the emailVerified property on the current user — redirect unverified users to a verification prompt page. Add a resend button for users who missed the email. Enable Require Email Verification in FlutterFlow Settings > Authentication.

## Stop Fake Emails Before They Reach Your Database

Without email verification, anyone can sign up with a fake or misspelled email address, creating unusable accounts and polluting your user data. Firebase Auth's email verification is a one-step add-on to your existing sign-up flow. The verification email is sent by Firebase's servers (no SMTP configuration needed), the link is cryptographically secure, and FlutterFlow gives you the actions and conditions to gate your app correctly without any custom code.

## Before you start

- FlutterFlow project with Firebase Authentication configured
- Email/Password sign-in method enabled in Firebase Console > Authentication > Sign-in method
- A sign-up page already working in your FlutterFlow project
- Basic familiarity with FlutterFlow action flows and conditional navigation

## Step-by-step guide

### 1. Enable Email Verification Requirement in Settings

In FlutterFlow, open Settings > Authentication > scroll to the Email Verification section. Toggle 'Require Email Verification' to on. This setting tells FlutterFlow to check emailVerified on the authenticated user before allowing access to protected pages. It also enables the emailVerified field as an available condition in your action flows and page conditionals. This setting alone does not send any emails — it just makes the verification state available throughout your app logic.

**Expected result:** The Require Email Verification toggle is green. You can now reference emailVerified in action conditions throughout your FlutterFlow project.

### 2. Add Send Email Verification After Sign Up

In your sign-up page's Create Account action flow, add a new action immediately after the successful account creation action. Search for 'Send Email Verification' in the Actions panel and add it. This action calls Firebase Auth's sendEmailVerification() method which sends a verification link to the user's registered email address. The email is sent by Firebase's servers using your project's default email template — no SMTP configuration required on your end. After this action, navigate the user to a 'Please verify your email' page rather than directly into the app.

**Expected result:** After signing up, the user receives a Firebase verification email within 1-2 minutes. The email contains a link that, when clicked, sets emailVerified to true in Firebase Auth.

### 3. Create the Email Verification Prompt Page

Create a new page called EmailVerificationPage. Add a column with: an envelope icon, a heading 'Check your email', a body text explaining the user should click the link in the verification email sent to their address (display the current user's email using the Current User widget). Add a Resend Email button and a Continue button. On this page's On Load action flow, add a Refresh Current User action followed by a Conditional — if Current User emailVerified equals true, navigate to your main app home page. This auto-redirects users who have already verified before they need to tap Continue.

**Expected result:** After signing up, users land on this page. Once they click the verification link in their email and return to the app, tapping Continue (or the automatic check) redirects them to the home page.

### 4. Gate Protected Pages with emailVerified Check

For any page that should only be accessible to verified users, add an On Page Load action at the very beginning of the action flow. Add a Conditional action: if Current User > emailVerified equals false, navigate to EmailVerificationPage. This check runs every time the page loads, so even if a user somehow bypasses the sign-up flow, they will be redirected to verify before accessing protected content. Do not add this check to your sign-in page, sign-up page, or email verification page — only add it to pages that contain actual app features.

**Expected result:** Navigating directly to a protected page while unverified redirects to EmailVerificationPage. After verification and token refresh, the same URL loads normally.

### 5. Add a Resend Button with Countdown Timer

Users frequently miss or lose the verification email. Add a Resend Email button to EmailVerificationPage. To prevent abuse and respect Firebase's rate limits, add a cooldown: when the button is tapped, immediately disable it and set a Page State variable resendCooldown to 60. Add a periodic timer Custom Action that decrements resendCooldown by 1 every second. Show the remaining seconds in the button label ('Resend in 45s'). When resendCooldown reaches 0, re-enable the button. The Resend action should call Send Email Verification again.

**Expected result:** After tapping Resend, the button changes to 'Resend in 60s' and counts down. A new verification email arrives within 1-2 minutes. The button re-enables after 60 seconds.

## Complete code example

File: `email_verification_gate.dart`

```dart
// FlutterFlow Custom Action: verifyEmailStatus
// Call on EmailVerificationPage On Load and on Continue button tap
// Returns: 'verified' | 'unverified' | 'error'

import 'package:firebase_auth/firebase_auth.dart';

Future<String> verifyEmailStatus() async {
  try {
    final user = FirebaseAuth.instance.currentUser;
    if (user == null) return 'error';

    // Force reload to get latest emailVerified status from server
    await user.reload();

    // Get fresh user object after reload
    final refreshedUser = FirebaseAuth.instance.currentUser;
    if (refreshedUser == null) return 'error';

    return refreshedUser.emailVerified ? 'verified' : 'unverified';
  } catch (e) {
    return 'error';
  }
}

// ─── Resend Verification Email ───────────────────────────────────────────────

Future<bool> resendVerificationEmail() async {
  try {
    final user = FirebaseAuth.instance.currentUser;
    if (user == null) return false;
    if (user.emailVerified) return true; // Already verified, no need to resend

    await user.sendEmailVerification(
      ActionCodeSettings(
        url: 'https://yourapp.page.link/verify', // Update with your domain
        handleCodeInApp: false, // Open in browser, not app
      ),
    );
    return true;
  } on FirebaseAuthException catch (e) {
    // Error code 'too-many-requests' means rate limited
    print('Resend error: ${e.code} - ${e.message}');
    return false;
  }
}

// ─── Countdown Timer for Resend Button ───────────────────────────────────────
// Store in Page State: resendCooldownSeconds (int, starts at 60)
// This Custom Action decrements the count — call it on a 1-second timer

int decrementCooldown(int currentSeconds) {
  return currentSeconds > 0 ? currentSeconds - 1 : 0;
}
```

## Common mistakes

- **Not gating app access on emailVerified — users sign up with fake or mistyped emails** — Without the emailVerified gate, your user database fills with unverifiable accounts. Password reset, transactional emails, and support contact all fail for these users, creating support burden. Fix: Add an emailVerified conditional check to the On Page Load action of every protected page. Also add a Refresh Current User action before checking, since the cached token may not reflect the latest verification state.
- **Checking emailVerified without first calling Refresh Current User** — Firebase caches the user auth token on the device. Even after a user clicks the verification link in their email, emailVerified may still show as false in the app until the token is refreshed. Fix: Always call Refresh Current User (or user.reload() in a Custom Action) before reading emailVerified in any conditional. Without this, verified users get stuck on the verification page.
- **Sending the verification email only once and not offering a resend option** — Verification emails frequently land in spam folders or get deleted accidentally, especially from free email services. Without a resend option, these users are permanently locked out. Fix: Add a clearly labeled Resend Email button with a 60-second cooldown. Include the user's email address in the prompt so they know which inbox to check.

## Best practices

- Always call user.reload() before reading emailVerified — cached tokens do not auto-update.
- Display the user's email address on the verification page so they know which inbox to check.
- Add a link to open the email app directly from your verification page on mobile (mailto: scheme) to reduce friction.
- Customize the Firebase verification email template in Firebase Console > Authentication > Templates with your app name and branding.
- Set a deep link in ActionCodeSettings so the verification link opens your app directly instead of a browser on mobile — smoother experience.
- Log failed verification attempts (users who never verify within 7 days) and send a reminder email via Cloud Function using Firebase Admin SDK.
- For B2B apps, consider allowing corporate email domains to skip verification (whitelist check in Firestore) if verification emails are blocked by corporate firewalls.

## Frequently asked questions

### How long does the Firebase verification email link stay valid?

Firebase verification email links expire after 24 hours by default. If a user clicks an expired link, they see a 'The link has expired' error in their browser. They will need to request a new verification email from your app. You can customize this expiration period in Firebase Console > Authentication > Templates > Email address verification.

### Can I customize the verification email that Firebase sends?

Yes. Go to Firebase Console > Authentication > Templates > Email address verification. You can customize the subject, sender name, and email body text. You can also set a custom action URL that redirects through your own domain after verification. Full HTML email template customization requires upgrading to a paid Firebase/Google Cloud plan.

### What happens if a user tries to log in before verifying their email?

Firebase Auth allows login regardless of email verification status — the emailVerified check is something you enforce in your app, not at the auth layer. This is why the page-level gate (checking emailVerified on every protected page load) is essential. Without it, unverified users can log in and access your app.

### Does email verification work for social login (Google, Apple)?

For Google and Apple social logins, emailVerified is typically already true since these providers verify emails themselves. The verification flow described in this guide only applies to email/password accounts. You can skip sending a verification email for social login users by checking the sign-in provider before triggering the Send Email Verification action.

### Can I verify phone numbers instead of email addresses?

Yes. Firebase Auth supports phone number verification as a separate authentication method using SMS OTP codes. FlutterFlow has a Phone Number Sign In flow built in. However, SMS verification has per-message costs and carrier reliability issues that email verification does not have — only use phone verification if your use case specifically requires it.

### My users say they are not receiving the verification email. What should I check?

First, ask them to check their spam folder — Firebase emails frequently land in spam for new apps. Second, verify the email address they signed up with is spelled correctly. Third, check Firebase Console > Authentication > Users to confirm the account exists with that email. Fourth, check Firebase Console > Authentication > Usage for any email sending errors or quota issues. Finally, if you are on Spark (free) Firebase plan, verify you have not hit the 100 emails/day limit.

---

Source: https://www.rapidevelopers.com/flutterflow-tutorials/how-to-implement-email-verification-in-flutterflow-user-registration
© RapidDev — https://www.rapidevelopers.com/flutterflow-tutorials/how-to-implement-email-verification-in-flutterflow-user-registration
