Bug: Firebase Auth Google delete EmailPassword Auth - firebase

I already have a user that registered using email and password.
When the user logs out and then logs in with Google using the same email, the login succeeds with the same userId from Auth, but the email/password auth has disappeared (the envelope icon is gone). It's kind of replaced.
My app's sign-in has 3 buttons:
- SignIn with Phone
- SignIn with Email n Password
- SignIn with Google
Let's say I have user A that already signed up with:
email: awesomeA@gmail.com
pass: somepassword
Then user A for some reason signs out and logs in again using Google, but with the same email (awesomeA@gmail.com).
In the Console Auth, userId A is the same as before, but the icon in Firebase Auth only shows Google; the icon for email/password auth is gone.
NB: Why do I use email/password as the primary auth? Because my app contains payment information. So if the device is stolen, I want to keep it secure using the Firebase re-authentication system. As long as the thief doesn't know the password, he cannot use the virtual wallet to buy anything.

If you send a verification email to the user with sendEmailVerification(), and the user confirms it, it will be added to the providers instead of replacing it. Basically, having a Gmail email just means "verified" as well.

When you use Google login to authenticate with Firebase, you will never have access to the user's password. That is also true for other third-party logins that work with Firebase authentication (Facebook, Twitter).

Related

How to login/signup into flutter app using phone number & password [duplicate]

I am developing an Android app using Firebase. Because of that, I want to use Firebase Auth. I have the following requirements:
- Register/Log in using Facebook
- Register/Log in using Email/Password
- Register/Log in using Phone Number/Password
The first two are OK, I followed basic tutorials. However, Phone Number/Password is the problem here. Firebase supports only Phone Number/SMS Token for this (it's called Phone Auth), but there is no mention of my case. I do not want to hack Firebase and use its Realtime Database instead of the Auth 'database'. Is there any better way to achieve this?
Thank you.
If you have both the email and phone number of your user and you can use the Admin SDK, then perhaps you could exchange the user's phone number for his email and log in with email and password in the background.
Something like this (node.js):

    admin.auth().getUserByPhoneNumber(phoneNumber)
      .then(user => {
        // Return the promise so callers can wait for the sign-in and catch errors.
        return firebase.auth().signInWithEmailAndPassword(user.email, password);
      });

Firebase phone authentication uses OTP (one-time password). This way there is no hassle for the user to remember the password. Once authenticated, you will be registered. The SMS code acts as a password. But that is for one time only. Usually, users prefer this behaviour, in which you don't have to remember passwords. If you are still looking for the way you want, see this link and create a custom authentication method.
https://firebase.google.com/docs/auth/android/custom-auth
I had a similar problem -
I combined firebase auth(email + password) with (phone+otp) to get phone+password auth -
https://medium.com/#shivampesitbng/firebase-phone-password-auth-in-vue-b94f15b8fb3d
Use Fake Email:
Well, Firebase doesn't support sign-in with mobile number and password, but it supports email and password. So you can create a fake email with your mobile number.
I.e.: 78******69@yourdomain.com
Also, you can create a complete authentication system using it.
Registration:
Input the user's mobile number and password and proceed to the next page.
Now use Firebase Phone Auth (OTP) to createUser. If the process succeeds, link the fake email and password credentials in the background.

    // Attach the email/password credential to the phone-authenticated user.
    AuthCredential credential = EmailAuthProvider.getCredential(email, password);
    auth.getCurrentUser().linkWithCredential(credential);

Login:
Input the mobile number and password to log in. Convert the mobile number into the fake email and then call signInWithEmailAndPassword().
Forget Password:
Redirect the user to a new page and use Phone Auth to verify the user. If successful, input a new password and change the password of the Email Auth.
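
A sketch of the phone-to-email mapping this scheme depends on, as an added example that is not part of the original answer: every format a user might type for the same number has to resolve to one synthetic address, or registration and login will disagree. `normalizePhone`, `phoneToSyntheticEmail`, `syntheticEmailToPhone` and the default-country-code handling are assumptions; `yourdomain.com` is the answer's placeholder.

```javascript
// Added example (not from the original answer). SYNTHETIC_DOMAIN stands in for
// the answer's "yourdomain.com"; the function names are hypothetical.
const SYNTHETIC_DOMAIN = 'yourdomain.com';

// Reduce user input to E.164 so "+1 (415) 555-0132" and "0014155550132"
// resolve to the same account. Simplified assumption: input without "+" or
// "00" gets defaultCountryCode prepended and loses one leading trunk "0".
function normalizePhone(raw, defaultCountryCode) {
  const trimmed = String(raw).trim();
  if (/[^\d\s()+.\-]/.test(trimmed)) {
    throw new Error('invalid characters in phone number');
  }
  let digits = trimmed.replace(/\D/g, '');
  if (trimmed.startsWith('+')) {
    // Already in international form; keep the digits as they are.
  } else if (digits.startsWith('00')) {
    digits = digits.slice(2);                        // international call prefix
  } else {
    digits = defaultCountryCode + digits.replace(/^0/, '');
  }
  // E.164: at most 15 digits and never a leading zero.
  if (!/^[1-9]\d{7,14}$/.test(digits)) {
    throw new Error('not a valid E.164 number');
  }
  return '+' + digits;
}

// Deterministic address used for createUser / signInWithEmailAndPassword.
function phoneToSyntheticEmail(raw, defaultCountryCode) {
  return normalizePhone(raw, defaultCountryCode).slice(1) + '@' + SYNTHETIC_DOMAIN;
}

// Reverse mapping, e.g. to start the OTP flow for a password reset.
// Returns null for anything that is not exactly <digits>@SYNTHETIC_DOMAIN.
function syntheticEmailToPhone(email) {
  const m = /^([1-9]\d{7,14})@(.+)$/.exec(String(email));
  if (!m || m[2].toLowerCase() !== SYNTHETIC_DOMAIN) return null;
  return '+' + m[1];
}
```

Use a domain you control for the synthetic addresses, since any mail Firebase sends to them (password reset, verification) goes to whoever operates that domain.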

Make sure a user verified their email before signing them in

I'm in the middle of adding firebase email/password sign in inside a React app. Specifically, it's an e-commerce site, and users will be signed in anonymously before they create an account (for things like cart data).
Here's the ideal user flow:
1. User registers by providing an email and password
2. User is not signed in immediately and instead gets a verification email
3. If a user tries signing in before verifying their email, they cannot sign in
4. User then clicks on the verification link and can sign in
I'm having issues with #3 because it appears like the only way to check if an email is verified is by calling:

    const { user } = await firebase
      .auth()
      .signInWithEmailAndPassword(email, password)
    if (user?.emailVerified) {
      // let them enter the dashboard
    }

However, this process signs in the user even if the email is not verified. That destroys the data on the anonymous account. And merging the two accounts isn't possible because the user thinks they are not signed in (hence it could cause UX issues if the accounts are already merged).
Any ideas?
If you're using the email+password provider, there is no way to prevent the user from signing in without a verified email address. You can of course keep them from using your app and accessing data, but you can't keep them from signing in.
If you want to ensure the user can only sign in after their email address has been verified, consider using the email link provider. You can then later allow them to set a password on the same account, either through the Admin SDK, or by creating an email+password account and linking that with the email link account. Also see the documentation on differentiating email/password from email link for some of the nuances here.
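
One way to do the "keep them from accessing data" part on the server, as an added example that is not from the original answer: gate each request on the claims of the verified ID token. It assumes the backend has already verified the token (for example with the Admin SDK's `verifyIdToken`) and passes the decoded claims in; `authorize` and the resource names are hypothetical.

```javascript
// Added example (not from the original thread). Input is the decoded,
// already-verified Firebase ID token; `authorize` and the resource names
// ("cart", "dashboard", "checkout") are hypothetical.

// Which sign-in providers may reach which resource.
const POLICY = new Map([
  ['cart',      { providers: ['anonymous', 'password', 'google.com'], needsVerifiedEmail: false }],
  ['dashboard', { providers: ['password', 'google.com'],              needsVerifiedEmail: true }],
  ['checkout',  { providers: ['password', 'google.com'],              needsVerifiedEmail: true }],
]);

function authorize(claims, resource) {
  const rule = POLICY.get(resource);
  if (!rule) return { allow: false, reason: 'unknown-resource' };   // fail closed
  if (!claims || typeof claims.uid !== 'string') {
    return { allow: false, reason: 'unauthenticated' };
  }
  // Firebase records the provider used for this session in the token.
  const provider = claims.firebase && claims.firebase.sign_in_provider;
  if (!rule.providers.includes(provider)) {
    return { allow: false, reason: 'provider-not-allowed' };
  }
  // Strict comparison: a missing claim or the string "true" must not pass.
  if (rule.needsVerifiedEmail && claims.email_verified !== true) {
    return { allow: false, reason: 'email-not-verified' };
  }
  return { allow: true, reason: 'ok' };
}

// Constructed sample claims, shaped like decoded ID tokens.
const anonymousShopper = { uid: 'u-anon', firebase: { sign_in_provider: 'anonymous' } };
const unverifiedSignup = { uid: 'u-1', email: 'new@example.com', email_verified: false,
                           firebase: { sign_in_provider: 'password' } };
const verifiedCustomer = { ...unverifiedSignup, email_verified: true };

const samples = { anonymousShopper, unverifiedSignup, verifiedCustomer };
for (const [name, claims] of Object.entries(samples)) {
  console.log(name, authorize(claims, 'cart').reason, authorize(claims, 'dashboard').reason);
}
```

The `email_verified` claim only changes when a new ID token is issued, so after the user clicks the link the client has to refresh its token (for example with `getIdToken(true)`) before the server sees the change.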

How to add Email Authentication with Firebase in Flutter Application?

I am creating an app where the user has to sign up with an email and password. I want Firebase to first verify that the email exists and is a real email address, send a link to the user to verify it, and only after that create the account in Firebase. How can I do this? Can anyone tell me?
This has been covered quite a few times before, so I'll provide some links below. The bottom line is that the Firebase email+password provider provides no way to require email verification before account creation. The closest it has to that is the email link provider, which sends an email that signs the user into an account (without entering a password).
Some previous questions on the topic:
- Verify a user's email address before confirming registration, with Flutter and Firebase
- Firebase email verification at SignUp
- How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
- more...

Changing Sign in method in Firebase

I have a Flutter app for Android and iOS. Initially, when I published the app, I allowed users to sign in with Google, Facebook, Apple and Email.
Now I want to remove the Google, Facebook and Apple sign-in methods and only keep sign-up with email & password. My problem is, there are many users already signed up with Facebook and Google.
I wanted to know, is there any way to move all the non-email & password users to the email & password sign-in method and send them a verification email?
Thank you

    // Link the new credential to the currently signed-in user.
    FirebaseUser use = await _auth.currentUser();
    use.linkWithCredential(credential).then((value) {
      print("done----------------------${value.user}");
    });

You can link your accounts.
Firebase Auth user accounts can't simply be converted as you describe. What you can do is have each user go through an auth flow that has them link an email/password auth method to their existing account, then unlink the original method. There is no automation for this - it will require user input to go through the linking process.

How to prevent from firebase auth to change user provider - flutter firebase

I'm creating a Flutter app with Firebase.
I've added Google sign-in as one of my auth methods.
But if I register with an email and password, and then sign in via Google with the same email, Firebase will change the provider of the user from email and password to Google, and when you try to log in with email and password, the old password will not be valid any more and you'll have to go through a password reset process.
How can I prevent Firebase from changing the user provider? Or how can I check if this email is already registered in my Firebase project (with the same email, of course)?
Under authentication -> sign in methods
Activate: One account per email address.
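
One way to keep the password provider when the same address later arrives through Google, covering both this question and the first one on the page (added example, not code from either thread): look up the address's existing sign-in methods and, for a password-only account, sign in with the password and link the Google credential instead of signing in with it directly. The `api` wrapper, `askPassword` callback and `fakeApi` stand-in are hypothetical names; the Firebase calls they stand for are named in the comments.

```javascript
// Added example (not from the original threads). `api` is a hypothetical thin
// wrapper over the Firebase Auth calls named in the comments below.

// Given the sign-in methods already registered for an email address, decide
// how a Google credential for that address should be applied.
function planGoogleSignIn(methods) {
  const hasPassword = methods.includes('password');
  const hasGoogle = methods.includes('google.com');
  // Password-only account: link instead of signing in, so that the
  // password provider stays on the account.
  return hasPassword && !hasGoogle ? 'link-after-password' : 'sign-in-with-google';
}

async function signInWithGoogleKeepingPassword(api, email, googleCredential, askPassword) {
  const methods = await api.fetchSignInMethods(email);     // fetchSignInMethodsForEmail
  if (planGoogleSignIn(methods) === 'sign-in-with-google') {
    return api.signInWithCredential(googleCredential);     // signInWithCredential
  }
  // Prove ownership of the existing account with its password first...
  const user = await api.signInWithPassword(email, await askPassword(email));
  // ...then attach Google to the same uid (linkWithCredential).
  return api.link(user, googleCredential);
}

// Constructed in-memory stand-in for Firebase Auth, for an offline run.
function fakeApi(accounts) {
  return {
    fetchSignInMethods: async (email) =>
      (accounts[email] ? [...accounts[email].providers] : []),
    signInWithPassword: async (email, password) => {
      const acct = accounts[email];
      if (!acct || acct.password !== password) throw new Error('auth/wrong-password');
      return acct;
    },
    signInWithCredential: async (cred) => {
      const acct = accounts[cred.email] || (accounts[cred.email] = { uid: 'new', providers: [] });
      // Models the unverified-email case from the questions: provider replaced.
      acct.providers = [cred.providerId];
      return acct;
    },
    link: async (acct, cred) => {
      acct.providers.push(cred.providerId);
      return acct;
    },
  };
}
```

With email enumeration protection enabled, `fetchSignInMethodsForEmail` returns an empty list, so this pre-check cannot see the existing account; the verified-email route from the first answer on the page still applies.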
