Flutter Firebase authentication - new anonymous user generated following sign-out and sign-in - firebase

The Firebase Authentication documentation states that:
If no previous anonymous account on the platform (for your specific application) has been created, when signing in anonymously Firebase will create a new unique user which will be persisted across app restarts/page reloads. If the user signs-out and reauthenticates anonymously again, they will be signed-in with the previously created account.
Yet when I sign out as an anonymous user and sign in again, I get a new anonymous user, instead of getting signed in with the previously created account. Just to be clear, the sign-in is done by calling FirebaseAuth.instance.signInAnonymously(), and the sign-out is done by calling FirebaseAuth.instance.signOut().

That looks like a mistake in the FlutterFire documentation. Once you sign out from an anonymous account, that account's UID is lost and cannot be reclaimed.
My best guess at the intention of the documentation is that calling signInAnonymously multiple times will result in the same UID. But signing the user out clears that UID and it can't be reclaimed. I submitted a PR to improve the documentation here.

Related

How to delete firebase anonymous UID after login with Credential?

My app makes the user create a new anonymous ID automatically when downloading the app, and when the user logs in, for example with Facebook, the app changes the UID.
The problem is that when I call FirebaseAuth.instance.signInWithCredential, it creates a new UID or changes to the UID that is linked to this credential, and the anonymous ID is never deleted. If many users log in to this app again, many unused anonymous IDs and their data will become garbage in Firebase.
I have an idea to store the UID in a variable and, when sign-in is successful, delete the account using that UID, but Firebase only allows deleting the UID of the current account. How can I solve this?
It sounds like you want to allow a user that you signed in anonymously to upgrade to an identified account. The idiomatic way to do that is to link the Facebook account to the existing anonymous account, so that the UID remains the same. To do this, follow the process described in the documentation on account linking and in the FlutterFire documentation on linking user accounts.

How to make firebase not create a new user for Google OAuth on sign in?

On sign in using firebase's Google OAuth provider, it automatically creates an account for the user if one does not exist. Is there a way to not create an account and return an error on sign in?
(https://firebase.google.com/docs/auth/web/google-signin)
When you call the sign-in method, it will create an account for the user if it does not exist.
If you want to check if an account exists or not, you would have to perform the "Login with Google" OAuth flow yourself (without the Firebase SDK) and then use a Cloud function to check if a user with the email exists (you might also have to maintain a list of users (their emails) in Firestore). If not, then you can create a new account with the access token you received.

When using Firebase Authentication service, how to throw error when login by Facebook/Google with no existing account

I'm developing a Flutter app using Firebase Authentication service.
The following Flutter plugins are used:
Firebase_auth
Google_sign_in
Facebook_login
The login flow is:
Login with either Facebook, Google or Email&Password
If account has already been created, logged in
If not, throws error
This is possible if the login method is Email&Password. In the Firebase_auth plugin, there are two separate methods for the Email&Password scenario: createUserWithEmailAndPassword and signInWithEmailAndPassword. When the sign-in method is called with a non-existent account, it will throw a wrong id/password error.
However, for the Facebook/Google login method, the plugin only provides signInWithFacebook and signInWithGoogle, and the way they work is that the first time a user uses a Facebook/Google account to sign in, Firebase will automatically create an account and return the newly created account (no separate sign-up and sign-in process).
I also read on the Firebase doc for Android Google Sign in
After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in.
So, my question is: if a user logs in with a Fb/G account that has not yet been used to register with my app on Firebase, how do I make Firebase authentication throw an error instead of automatically creating a new account?
Malcolm from the Firebase team here! Great question.
Given the functionality that currently exists in the open source Flutter plugins, you can likely get the result you desire by using the method #fetchProvidersForEmail(). Here are the logical steps you'll follow for the federated IDPs:
Do a normal sign-in with the IDP and get a token.
Parse that returned token for the user's email (usually using a JWT parsing library).
Call #fetchProvidersForEmail() with the extracted email.
If the providers that come back for the email are empty, then it's a new account. Otherwise, it's an existing account.
Alternatively, you could update the Flutter plugin to return more of the AuthResult, which includes whether or not the user is new. If the user is new, then you just call FirebaseAuth#getCurrentUser()#delete() and throw whatever error you wanted. (Which you would also have to add to the plugin).
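Steps 2 to 4 of the flow above, as an added example that is not part of the original answer or of any Firebase plugin: it reads the email claim from an ID token and treats an empty provider list as "no account yet". The names `emailFromIdToken`, `gateFederatedSignIn` and `lookupProviders` are hypothetical, the token and provider table are constructed sample data, and the decode step does not verify the token's signature.

```javascript
// Decoding a JWT payload is NOT verification: the email read here is only a
// lookup key for the provider check, never proof of who the caller is.
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Step 2: pull the email claim out of the IDP's ID token (a JWT).
function emailFromIdToken(idToken) {
  const parts = typeof idToken === 'string' ? idToken.split('.') : [];
  if (parts.length !== 3) throw new Error('not a JWT');
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    throw new Error('unreadable JWT payload');
  }
  if (!claims || typeof claims.email !== 'string' || !claims.email.includes('@')) {
    throw new Error('token has no email claim');
  }
  // Lower-casing for the lookup is an assumption of this example.
  return claims.email.trim().toLowerCase();
}

// Steps 3-4: lookupProviders is a hypothetical async wrapper around the
// fetchProvidersForEmail() call; an empty list means no account exists yet.
async function gateFederatedSignIn(idToken, lookupProviders) {
  const email = emailFromIdToken(idToken);
  const providers = (await lookupProviders(email)) || [];
  return providers.length === 0
    ? { allow: false, email, reason: 'no-existing-account' }
    : { allow: true, email, providers };
}

// Constructed sample data: an unsigned token and an in-memory provider table.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}
const sampleProviders = { 'known@example.com': ['google.com'] };
const sampleLookup = async (email) => sampleProviders[email] || [];
```

When `allow` is false the caller stops before handing the credential to Firebase, so no account is created for the unknown email.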

Firebase Anonymous Authentication

What happens to a user who has been anonymously signed into an app using Firebase anonymous authentication when he/she factory resets his/her device? Is all the information the app had on him lost, or what does Firebase use to maintain user data?
An anonymous user in Firebase Authentication is not much more than their UID.
When you uninstall an app or wipe the device, that UID is wiped from the device. When the user signs in with anonymous authentication next time, they will get a new UID. There will be no connection between their previous UID and the new UID. This is the nature of anonymous authentication.
The information on the original UID will still exist on the Firebase servers, but there's no built-in way to connect the former UID and the next UID together.

Firebase creating empty users, even though the Auth feature requires email

I am using Firebase's auth feature and sometimes I see empty users in the console. This brings issues to some users because instead of logging into their main account (and using their UID to fetch their user data in a users reference), they log into that empty account with a UID which is not theirs.
Not sure exactly how that can happen, but it seems like this could be a bug on Firebase's side, because a successful Auth should have at least 1 provider...
Any ideas about such issue and how I could fix it from my side if possible?
P.S.: Is that how "signInAnonymously" would create anonymous accounts?
This is an intended behavior when you authenticate with Firebase anonymously.
The signInAnonymously() method signs in the user anonymously without requiring any credential and creates a new account in your Firebase Authentication system, except in the case where there was already an anonymous user signed in to the app.
See FirebaseAuth.signInAnonymously class reference for more details.
