I already have implemented the Google login and the Email and Password login. When someone signs up with email and password then afterwards logs in with google the accounts are then connected together like this:
So my question is how to prevent connecting an already existing email and password account with google?
Related
I am working on a mobile app, where I already set up the following authentications in firebase:
phone number (OTP)
Google login
Facebook login
Question 1: For users logged in via OTP, I would like to request their email address, and ask them for verifying. I dont need password, because they will still log in with their mobile number, I just want them to verify their chosen email address. How can I do that in firebase? I know its possible to ask for verification with email/password login, but I dont need any passwords. Maybe I shall just add a dummy password in the background?
Question 2: Users logged in via facebook already have an email address that they use to log in. However I want them to verify their email address. As far as i know, email verification in firebase only possible with email/password authentication. How can I do an email verification with facebook authentication? Or lets say user can type in any email address (without password), and I send them a verification email. It is basically the same problem as in 'question 1'
Question 3: Users logged in via facebook / google authentication. How can I verify their phone numbers? I assume I can just simply do an OTP verification and link it to their existing authentication right?
Thank you,
I am creating an app where the user has to signup with an Email and Password. I want firebase to first verify the email if it does exist and it is an email and sends a link to the user to verify the email after this creates the account in firebase. So how can I do it can anyone tell me?
This has been covered quite a few times before, so I'll provide some links below. The bottom line is that the Firebase email+password provider provides no way to require email verification before account creation. The closest it has to that is the email link provider, which sends an email that signs the user into an account (without entering a password).
Some previous questions on the topic:
Verify a user's email address before confirming registration, with Flutter and Firebase
Firebase email verification at SignUp
How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
more...
I'm creating a flutter app with firebase.
I've added as one of my auth method, google sign in.
But if I register with the same email with an email and password,
and then sign in via google with the same email, firebase will change the provider of the user from email and password to google and when you'll try to login with email and password, the older password will not be vaild any more and you'll have to go through a password reset process.
How can I prevent firebase from changing the user provider?? Or how can check if this email is already registed in my firebase project (with the same email of course)???
Under authentication -> sign in methods
Activate: One account per email address.
I already have user that register using email and password.
When the user log out, and then login with google that has the same email, the login success with the same userId from Auth, But the email password auth is disappeared (the envelope icon is gone). It's kind of replaced.
My App for SignIn has 3 buttons:
SignIn with Phone
SignIn with Email n Password
SignIn with Google
Let say I have user A that already sign up with :
email: awesomeA#gmail.com
pass: somepassword
And then the user A is for some reason sign out, then log in again using Google, but with the same email (awesomeA#gmail.com)
In Console Auth, userId A is same as before, but the icon in firebase Auth is only showing google, the icon for email password Auth is gone
NB: Why I use email password as primary auth? Because my app contains payment information. So if the device is being stolen, I want to make it secure using firebase re-authentification system. So as long as the thief doesn't know the password, he cannot use the virtual wallet to buy anything
If you send a verification email to the user with sendEmailVerfification(), and the user confirm it, it will be added to the providers instead of replacing it. Basically having a gmail email just means "verified" as well.
When you use Google login to authenticate with Firebase, you will never have access to the user's password. That is also true for other third-party logins that work with Firebase authentication (Facebook, Twitter).
If I create a Test User using an gmail email and password on Firebase Auth using signInWithEmailAndPassword. and then on a next visit sign in using Google Sign in with the same gmail email using signInWithPopup(provider). Then on the next visit I try to sign in with the same email using signInWithEmailAndPassword I get an error code that the
password is incorrect
Shouldn't the correct error code that handles the case where the email is linked to the google Provider so I can prompt user to sign in with google instead of trying to input email and password. Or trying to reset a password.
If you create an email/password user and then sign in with a Google user, the Google account will overwrite the email/password account (assuming it is not verified). This is for security reasons, as anyone can create an unverified email/password account, possibly claiming another user's email.
Firebase Overwrites Signin with Google Account
If you want to link a Google account to an email account, you can first sign in the user with Google and then currentUser.updatePassword to add a password. The next the user can sign in with Google or email/password.