I have a Flutter app for Android and IOS. Initially when I published the app I allowed users to sign in with Google, Facebook, Apple and Email.
Now I want to remove Google, Facebook and Apple sign in methods and only keep the sign up with email & password. My problem is, there are many users already signed up with Facebook and Google.
I wanted to know, is there any way to change all the non email & password users to change email & password sign in method & send them an email verification email?
Thank you
FirebaseUser use = await _auth.currentUser();
use.linkWithCredential(credential).then((value) {
print("done----------------------${value.user}");
});
you can link your accounts
Firebase Auth user accounts can't simply be converted as you describe. What you can do is have each user go through an auth flow that has them link an email/password auth method to their existing account, then unlink the original method. There is no automation for this - it will require user input to go through the linking process.
Related
I am developing Android app using Firebase. Because of that, I want to use Firebase Auth. I have following requirements:
Register/Log in using Facebook
Register/Log in using Email/Password
Register/Log in using Phone Number/Password
The first two are OK, I followed basic tutorials. However, Phone Number / Password is the problem here. Firebase supports only Phone Number/SMS Token for this (its called Phone Auth), but there is no mention about my case. I do not want to hack Firebase and use its realtime database instead of Auth 'database'. Is there any better way to achieve this?
Thank you.
If you have both email and phone of your user and you can use Admin SDK, then perhaps you could exchange users phone number to his email and login with email and password in the background.
Something like this (node.js)
admin.auth().getUserByPhoneNumber(phoneNumber)
.then(user => {
firebase.auth().signInWithEmailAndPassword(user.email, password);
});
Firebase phone authentication is using OTP(one time password). This way there is no hassle for the user to remember the password. Once authenticated, you will be registered. The sms code acts as a password. But that is for one time. Usually , users prefer such behaviour in which you dont have to remember the passwords. If you are still looking for the way you want, see this link and create a custom authentication method.
https://firebase.google.com/docs/auth/android/custom-auth
I had a similar problem -
I combined firebase auth(email + password) with (phone+otp) to get phone+password auth -
https://medium.com/#shivampesitbng/firebase-phone-password-auth-in-vue-b94f15b8fb3d
Use Fake Email:
Well, Firebase doesn't support sign in with mobile number and password but it supports email and password. So you can create a fake email with your mobile number.
Ie: 78******69#yourdomain.com
Also, you can create a complete Authentication system using it.
Registration:
Input user mobile and password and proceed to the next page.
Now use Firebase Phone Auth (OTP) to createUser. If process success, link fake email, password credentials in background.
AuthCredential credential = EmailAuthProvider.getCredential(email, password);
auth.getCurrentUser().linkWithCredential(credential);
Login:
Input mobile and password to login. Convert the mobile in fake email and then signInWithEmailAndPassword().
Forget Password:
Redirect the user to a new Page and user Phone Auth to verify the user. If successful, input a new password and change the password of the Email Auth.
I'm in the middle of adding firebase email/password sign in inside a React app. Specifically, it's an e-commerce site, and users will be signed in anonymously before they create an account (for things like cart data).
Here's the ideal user flow:
User registers by providing an email and password
User is not signed in immediately and instead gets a verification email
If a user tries signing in before verifying their email, they cannot sign in
User then clicks on the verification link and can sign in
I'm having issues with #3 because it appears like the only way to check if an email is verified is by calling:
const { user } = await firebase
.auth()
.signInWithEmailAndPassword(email, password)
if (user?.emailVerified) //let them enter the dashboard
However, this process signs in the user even if the email is not verified. That destroys the data on the anonymous account. And merging the two accounts isn't possible because the user thinks they are not signed in (hence it could cause UX issues if the accounts are already merged).
Any ideas?
If you're using the email+password provider, there is no way to prevent the user from signing in without a verified email address. You can of course keep them from using your app and accessing data, but you can't keep them from signing in.
If you want to ensure the user can only sign in after their email address has been verified, consider using the email link provider. You can then later allow them to set a password on the same account, either through the Admin SDK, or by creating a email+password account and linking that with the email link account. Also see the documentation on differentiating email/password from email link for some of the nuances here.
I try to merge email/password account with Facebook account. The scenario is like:
user created an account in my app (email/password provider)
one week later, he can't remember that he created his account with Google or Facebook or Email/Password, so he clicks to sign in with Facebook.
an error message appears auth/account-exists-with-different-credential - that's ok, understand that.
fetchSignInMethodsForEmail sends me 'password' provider with flag isOAuthProvider: false which means I can't directly sign in with FB.
What should I do next to log in with Fb and then link that account with existed email/password account of that user?
Should I redirect the user to email/password form and tell him (toast) why should he try to log in this way, or there is a better solution?
After the steps you've described, I see two logical options:
Indeed let the user complete the sign-in with Facebook, and sign-in with their email/password, and then link those accounts.
Tell them that they signed in with email/password before, and redirect them to that.
Linking the accounts is typically a nicer flow for the user, but it is more work to get working.
I already have user that register using email and password.
When the user log out, and then login with google that has the same email, the login success with the same userId from Auth, But the email password auth is disappeared (the envelope icon is gone). It's kind of replaced.
My App for SignIn has 3 buttons:
SignIn with Phone
SignIn with Email n Password
SignIn with Google
Let say I have user A that already sign up with :
email: awesomeA#gmail.com
pass: somepassword
And then the user A is for some reason sign out, then log in again using Google, but with the same email (awesomeA#gmail.com)
In Console Auth, userId A is same as before, but the icon in firebase Auth is only showing google, the icon for email password Auth is gone
NB: Why I use email password as primary auth? Because my app contains payment information. So if the device is being stolen, I want to make it secure using firebase re-authentification system. So as long as the thief doesn't know the password, he cannot use the virtual wallet to buy anything
If you send a verification email to the user with sendEmailVerfification(), and the user confirm it, it will be added to the providers instead of replacing it. Basically having a gmail email just means "verified" as well.
When you use Google login to authenticate with Firebase, you will never have access to the user's password. That is also true for other third-party logins that work with Firebase authentication (Facebook, Twitter).
I have an Android app with use Firebase authentication using email and password. Recently added Google provider now my users can sign in wih his Google account, the problem is the following
There's an existing user example#gmail.com registered on my app, later the user sign in with his Google account Firebase automatically change the provider of the account from email to Google, the problem the user sign out and try to login with his email/password and got a message
The password is invalid or the user does not have a password
I understand why happens, but users (you know they are users) get frustrated because can't login with his email/password
There's some way to tell Firebase to keep the user password or when a user login with Google and this convertion happens in order to notify to user
Note My app only allow one account per email
I found there's a method fetchProvidersForEmail I asume I can build a flow over that method that check which provider have the user and allow the user chose if want to keep if old password by asking and linking account or just continue