Google Login - security

I am very excited to deploy the login with Google - this is a great feature.
However, I need to figure this out before I can deploy.

Since we don’t verify user’s ownership of email address with ADALO sign up, how do I prevent others from hijacking someone else’s email.


  1. BadGuy creates a new ADALO login -
  2. The real owner of signs in with Google login.
  3. BadGuy signs in using ADALO login and steals his info

What’s your thoughts on best way to deal with this?


I am thinking you can make a field called ‘verified’ in the user table. Then when the user signs in, it goes to a screen if that field is not marked ‘yes’ in which it triggers an email to be sent with a a verify code. Then not let them go any further into the app unless they are verified.

You could generate the code with a random number or you can use the randomizer component which generates a UUID that would be perfect for the email. Good practice would also be to put a date field when the code was sent so that it expires after 2 hours or so.

1 Like

Good idea.
Perhaps let the Users do whatever they need to do on their first session (less friction) but subsequent Adalo login must be with verified email.
No need for verified email with Google/Apple login

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.