If I create a Test User using an gmail email and password on Firebase Auth using signInWithEmailAndPassword. and then on a next visit sign in using Google Sign in with the same gmail email using signInWithPopup(provider). Then on the next visit I try to sign in with the same email using signInWithEmailAndPassword I get an error code that the
password is incorrect
Shouldn't the correct error code that handles the case where the email is linked to the google Provider so I can prompt user to sign in with google instead of trying to input email and password. Or trying to reset a password.
If you create an email/password user and then sign in with a Google user, the Google account will overwrite the email/password account (assuming it is not verified). This is for security reasons, as anyone can create an unverified email/password account, possibly claiming another user's email.
Firebase Overwrites Signin with Google Account
If you want to link a Google account to an email account, you can first sign in the user with Google and then currentUser.updatePassword to add a password. The next the user can sign in with Google or email/password.
Related
I'm creating a flutter app with firebase.
I've added as one of my auth method, google sign in.
But if I register with the same email with an email and password,
and then sign in via google with the same email, firebase will change the provider of the user from email and password to google and when you'll try to login with email and password, the older password will not be vaild any more and you'll have to go through a password reset process.
How can I prevent firebase from changing the user provider?? Or how can check if this email is already registed in my firebase project (with the same email of course)???
Under authentication -> sign in methods
Activate: One account per email address.
I implemented social login using firebase SDK and i tried login using my facebook account l got this error
An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address
Note
I have only facebook and twitter login in my app and my facebook email not have twitter
when I reviewed user at firebase console l already have user with this email that was registered by facebook (the same provider)
How can the same provider generate different credentials?
You get this error when the user already signed in with the same email using a different provider. eg. user signs up with Twitter using user#example.com and then signs in with Facebook using user#example.com.
Since one account per email is enabled in the project settings, the only way to recover in this case is to sign in with the first provider (Twitter in the example above) and then linkWithCredential the Facebook credential to the existing Twitter account. By doing so, the user can sign in to the same account with either provider in the future.
Firebase Auth does this for security reasons. They want to verify that this is the same user signing in and do not want to automatically link without verifying the user's ownership of both account.
I already have user that register using email and password.
When the user log out, and then login with google that has the same email, the login success with the same userId from Auth, But the email password auth is disappeared (the envelope icon is gone). It's kind of replaced.
My App for SignIn has 3 buttons:
SignIn with Phone
SignIn with Email n Password
SignIn with Google
Let say I have user A that already sign up with :
email: awesomeA#gmail.com
pass: somepassword
And then the user A is for some reason sign out, then log in again using Google, but with the same email (awesomeA#gmail.com)
In Console Auth, userId A is same as before, but the icon in firebase Auth is only showing google, the icon for email password Auth is gone
NB: Why I use email password as primary auth? Because my app contains payment information. So if the device is being stolen, I want to make it secure using firebase re-authentification system. So as long as the thief doesn't know the password, he cannot use the virtual wallet to buy anything
If you send a verification email to the user with sendEmailVerfification(), and the user confirm it, it will be added to the providers instead of replacing it. Basically having a gmail email just means "verified" as well.
When you use Google login to authenticate with Firebase, you will never have access to the user's password. That is also true for other third-party logins that work with Firebase authentication (Facebook, Twitter).
I don't know why this thing is happening. I am using android with firebase auth. In sign in method Google and facebook are enable only. And I am allowing only one account per email. I am alos not merging accounts.
What I am doing is :
loged in with facebook. let my email is "xyz#gmail.com" for facebook login.
loged out from facebook.
now login with same email "xyz#gmail.com" but this time i am choosing google login.
now logged out from google
Now when I again login with facebook and email is same i.e. xyz#gmail.com.
It show an error that user is allready register with difrent auth
provider
I have an Android app with use Firebase authentication using email and password. Recently added Google provider now my users can sign in wih his Google account, the problem is the following
There's an existing user example#gmail.com registered on my app, later the user sign in with his Google account Firebase automatically change the provider of the account from email to Google, the problem the user sign out and try to login with his email/password and got a message
The password is invalid or the user does not have a password
I understand why happens, but users (you know they are users) get frustrated because can't login with his email/password
There's some way to tell Firebase to keep the user password or when a user login with Google and this convertion happens in order to notify to user
Note My app only allow one account per email
I found there's a method fetchProvidersForEmail I asume I can build a flow over that method that check which provider have the user and allow the user chose if want to keep if old password by asking and linking account or just continue