If I disable a user from console user credentials will not be refreshed in one hour and user will be deauthenticated. Upon trying to log in, user will get the FirebaseException with the ErrorCode AuthError.UserDisabled.
Showing the user that his account is disabled is good, but I also want to show him his firebase account ID (which is a complex string with letters and numbers) for support inquiries. How can I get the user Id to show it to user when the account has been disabled? This is happening in Unity.
As far as I know the UID matching the credentials is not exposed in this error message, so you will have to look it up another way. The best I can think of is using the Admin SDK to find the user by their email address.
Related
In a Firebase project, I have activated multiple sign-in methods (e-mail, Google, and Microsoft), which all work fine. I also have it activated to only allow one account per e-mail address.
The problem arises when a user successfully signs in via Google or Microsoft, then signs out and then signs in via e-mail, using the same e-mail address as before using Google or Microsoft. Then his account type changes to e-Mail and it seems like a no way back.
Is there a way to change user account types from e-mail back to Microsoft or Google?
Your code must have different functions written for different signin's. When the user first logs in, store his login method on firestore. You can get this from the signin function triggered or simply by the button user clicked. Then during each login add a check that if user exists and user's current signin method is not the same as the one stored on firestore, notify the user to use the correct one.
Or you can let the user signin using whatever they please but ultimately in your code, the function which is triggered will tell you the current signin method and you'd have the first/previous method stored. So you can do stuff accordingly.
What you are writing in question seams not how it works. When you sign in using Google provider your email is verified automatly and if you try to sign in using same email authentication will throw error that account with that email allredy exists.
If you created first account using email and password and didn't verify your email addres then if you sign in using google provider with same email address in it, email and password provider will gone because of was not verified and you wont be able to login using email end password unless you will setup a new password for this email.
If email was verified and you sign in using google provider with same email address. This provider will be added to providers array and you will be able to login using email and password and google provider.
To add multiple providers to your accaunt you can use linkWithPopup() function. If you created accound with diferent email address and want to be able to log in on this account with provider who has diferent email address for example.
Has anyone managed to associate an authorised email to an anon UID that was created earlier on another device?
Here is the workflow:
User comes to the site for the first time, anon UID is created, they enter email as part of signup, which is added to their details in the db
An email is sent to them to verify the email.
However, user misses it for whatever reason.
Instead, they come again with a different device and try to log in using a password-less login by entering their email and receiving a link
they get the link and click on it. The email gets verified, but gets assigned to a NEW UID created on the 2nd visit.
The question is how can the email be linked to the 1st UID instead of the 2nd one on a new device?
Under 2, before the email is sent, I am calling firebase.auth().currentUser.updateEmail(email), but it doesn't seem to associate the email with the UID in the firebase for some reason. I can see that in the Firebase Authentication tab -- the UID is still showing as Identifier (anonymous). This is probably the root cause of the issue as otherwise the email would be there, just unauthenticated.
Any ideas would be welcome!
Setting an email address to an anonymous account doesn't change its provider to suddenly become email+password. It remains an anonymous account, it now just also has an email address associated with it. To associate the user with an email+password account, you'll have to sign them in with email+password credentials and then link those credentials to the existing anonymous account.
To link accounts/providers, you must create credentials for both providers on the same device and call the relevant API to link them.
Since you only have a UID from anonymous sign-in on the first device, that UID can't be recreated on the second device. And that means there is no way to link the email-link UID account on the second device to the anonymous UID on the first device.
I am using Firebase Auth in my app. I update the email like follows:
firebaseAuth.currentUser?.updateEmail(email)
The email is updating 100% (I do a re-auth when necessary as well). My problem is after the e-mail has changed, the user is being logged out of his account and has to login again.
When I call
val user = firebaseAuth.currentUser
after updating the email the user is null and my app wants you to login again with the new email address.
Is this the correct behaviour? It makes for a really bad user experience having to login again after changing the account email.
I think Firebase is doing this on purpose for security reasons. You could work around this by calling the Firebase's login function automatically after changing the user's email.
However, I don't think that it is a normal behaviour if you're using the most recent version of Firebase. They explicitly state in their documentation that you need to re-authenticate the user to perform any profile change (if he hasn't signed in recently).
Some security-sensitive actions—such as deleting an account, setting a primary email address, and changing a password—require that the user has recently signed in. If you perform one of these actions, and the user signed in too long ago, the action fails with the FIRAuthErrorCodeCredentialTooOld error.
On my side, this effect only occurs on other devices on which the user has signed in, not on the device on which the edit action was performed.
I have a current database with active users in Firebase that can login with user/pwd but now I'm implementing the facebook login and I realised the only way to link a facebook account with an existing user is only when the user is already logged with the user/pwd but not before the login.
I have two buttons in my app (login with fb and with email) but if I try to login with fb using the same email of an existing user, I will receive the following error auth/account-exists-with-different-credential and the documentation says that in order to fix this the user needs to login first then link.
Do you know if there is a way to link both accounts but without perform a login first, I mean, from the login view?
You need to sign in the user first before linking. This is important if you want to ensure it is the same user. Otherwise you can switch to multiple accounts per email in the Firebase console.
The way to solve this, when you get the error auth/account-exists-with-different-credential, the error will contain error.email and error.credential after you sign in with Facebook and the account already exists as a password account.
You then call firebase.auth().fetchProvidersForEmail(error.email) to which resolves with the list of provider IDs for that email. In this case, it will contain ['password']. You then ask the user to provide their password. You call signInWithEmailAndPassword(error.email, password) to sign-in the original user. You then call firebase.auth().currentUser.linkWithCredential(error.credential) to link the Facebook credential to the password account. Now both accounts are merged and the user can sign in with either.
I fixed it by going to the Firebase console. then head over to the authentication section and select the Settings Tab. Afterwards, go to User account linking and check Create multiple accounts for each identity provider
I am using ionic 3 and firebase for the backend.In my app I am trying to let users sign up with just username and password. Well firebase by default doesn't provide that option. So I am getting user's input as username (for example: 'mike123') then i add #myapp.com. so it looks like an email: 'mike123#myapp.com'. That is all fine, but a problem just came up when user's want to reset their passwords. Is it possible to let users type in any valid email address at the time they want to reset their password?.
You can change the password of the user by https://firebase.google.com/docs/auth/admin/manage-users#update_a_user. Note that this is in the Firebase Admin SDK, so will require that you run code in a trusted environment, such as a server you control or Cloud Functions.
But faking username+password by faking an email address is non-ideal. I'd consider creating a custom auth provider for your needs.
If the email provided when sending the Reset Password request doesn't exist for any user, then it will fail.
In Android, calling sendPasswordResetEmail with a non-existing email, it would return a:
FirebaseAuthInvalidUserException: There is no user record corresponding to this identifier. The user may have been deleted.
You should ask for a valid email from the user and save their preferred username separately upon the user creation.