This Firebase Admin SDK error occurs when you attempt to set the emailVerified property to a non-boolean value. The emailVerified field only accepts true or false, not strings, numbers, or other types. Fix by ensuring you pass a boolean value when creating or updating users.
The "auth/invalid-email-verified" error in Firebase Admin SDK indicates that your code is trying to set the emailVerified user property to a value that is not a boolean (true or false). This error appears when using admin.auth().createUser() or admin.auth().updateUser() methods. Firebase strictly validates the emailVerified property to ensure it contains only boolean values, as this field determines whether a user has verified their email address. Passing strings like "true" or "false", numbers like 1 or 0, null, undefined, or any other non-boolean type will trigger this validation error.
Locate all code that sets the emailVerified property in Firebase Admin SDK calls. Check createUser(), updateUser(), and importUsers() methods. Example locations:
// Check these patterns
admin.auth().createUser({
email: "[email protected]",
emailVerified: // <- check this value
});
admin.auth().updateUser(uid, {
emailVerified: // <- check this value
});If you are receiving "true" or "false" as strings (from API requests, database queries, or JSON), convert them to proper boolean values:
// Incorrect - string value
const emailVerified = "true"; // Wrong!
// Correct - boolean conversion
const emailVerified = userData.emailVerified === "true";
// or
const emailVerified = Boolean(userData.emailVerified);
// or
const emailVerified = userData.emailVerified === true;If emailVerified might be null or undefined, provide a default boolean value or omit the property entirely:
// Option 1: Provide default value
const userProperties = {
email: userData.email,
emailVerified: userData.emailVerified ?? false
};
// Option 2: Conditionally include property
const userProperties = {
email: userData.email,
...(typeof userData.emailVerified === "boolean" && {
emailVerified: userData.emailVerified
})
};
await admin.auth().updateUser(uid, userProperties);Create a validation function to ensure emailVerified is always boolean before Firebase calls:
interface UserUpdateData {
email?: string;
emailVerified?: boolean;
}
function validateEmailVerified(value: any): boolean {
if (typeof value === "boolean") {
return value;
}
if (value === "true" || value === 1) {
return true;
}
if (value === "false" || value === 0) {
return false;
}
return false; // Default to false for invalid values
}
const userData: UserUpdateData = {
email: "[email protected]",
emailVerified: validateEmailVerified(rawData.emailVerified)
};
await admin.auth().updateUser(uid, userData);If retrieving user data from a database, ensure proper type handling:
// PostgreSQL with node-postgres
const result = await db.query("SELECT email_verified FROM users WHERE id = $1", [userId]);
const emailVerified = result.rows[0].email_verified; // May be string or number
// Convert to boolean
const userUpdate = {
emailVerified: Boolean(emailVerified)
};
// MongoDB with Mongoose
const user = await User.findById(userId);
const emailVerified = user.emailVerified === true; // Ensure boolean
await admin.auth().updateUser(uid, { emailVerified });Use TypeScript to enforce correct types at compile time:
interface FirebaseUserUpdate {
email?: string;
emailVerified?: boolean; // Explicitly type as boolean
displayName?: string;
}
function updateFirebaseUser(
uid: string,
data: FirebaseUserUpdate
): Promise<admin.auth.UserRecord> {
// TypeScript will catch non-boolean assignments
return admin.auth().updateUser(uid, data);
}
// Usage - TypeScript error if wrong type
await updateFirebaseUser(uid, {
emailVerified: true // OK
});
await updateFirebaseUser(uid, {
emailVerified: "true" // TypeScript error!
});The emailVerified property is critical for Firebase Authentication security flows. When set to true, it indicates the user has confirmed ownership of their email address. Firebase uses this flag to enforce email verification requirements in security rules and conditional access controls. In production environments, consider implementing server-side validation middleware that checks all incoming user data before Firebase Admin SDK calls. For user imports from external systems, create migration scripts that explicitly convert all emailVerified values to boolean type. Be aware that some ORMs and database drivers may return boolean fields as integers (1/0) or strings ("t"/"f"), requiring explicit type coercion. When working with Cloud Functions that process HTTP requests, remember that JSON payloads always deserialize boolean-like strings as strings, not booleans, so validation is essential. The Firebase Admin SDK provides strong type checking in TypeScript, but runtime validation is still necessary for data from external sources like databases, APIs, or user input.
Callable Functions: INTERNAL - Unhandled exception
How to fix "Callable Functions: INTERNAL - Unhandled exception" in Firebase
messaging/UNSPECIFIED_ERROR: No additional information available
How to fix "messaging/UNSPECIFIED_ERROR: No additional information available" in Firebase Cloud Messaging
auth/invalid-hash-algorithm: Hash algorithm doesn't match supported options
How to fix "auth/invalid-hash-algorithm: Hash algorithm doesn't match supported options" in Firebase
App Check: reCAPTCHA Score Too Low
App Check reCAPTCHA Score Too Low
storage/invalid-url: Invalid URL format for Cloud Storage reference
How to fix invalid URL format in Firebase Cloud Storage