I have been using Firebase authentication for a while and I have been using Facebook and Google logins. When I started it was not possible (or I didn't know) that you can limit on account per email and took care of it with Firebase database security rules and some code. In the database now I only have one account per email, but in the authentication accounts I have multiples per email. I would like to merge them or after the fact add the one account per email rule. Is that possible? If yes, how? And if not, is there any work around? It would be great to let people merge accounts. Thanks!
It is possible to merge accounts with the same email, even after some accounts have been created in Firebase Authentication.
First step is to disallow multiple-accounts-per-email by changing the setting in your Firebase project console. The change will only be applied to new users - all existing users will still sign into their existing accounts as before.
Since your app only uses Google/Facebook login, you can safely delete unwanted authentication accounts from the Firebase Console. Assuming in your database there is an entry (userid_1, email), and in you authentication project there are two accounts for the email (userid_1, email, Google) and (userid_2, email, Facebook). You can delete the (userid_2, email, Facebook) account using the Firebase Console or Firebase admin SDK. All subsequent logins with the same email, no matter via Google or Facebook, will always return the userid_1 account.
Related
I have a firebase project for which I have created a firebase firestore database. I use firebase auth for signing users in.
I want all documents in reference with a specific user to have their id equal to the users uid.
At first, I set the document id to the FirebaseAuth.FirebaseUser.uid
The problem with that is that the FirebaseUser.uid can change under certain circumstances (E.g. the user changes his Google account password)
Is there a persistent uid I can use to refer to a specific user no matter the authentication provider ? If not, what would be best practice ?
Normally, for a given user in Firebase Auth, the user unique ID (the uid generated by the Auth service) will never change.
For example, you can, with the Admin SDK, change the email of a user without changing its uid, see this doc.
You can also have several identity providers for the same account, with the same uid, see here:
You can sign in users to your apps using several methods: email
address and password, federated identity providers, and your custom
auth system. You can associate more than one sign-in method with a
user: for example, a user can sign in to the same account using an
email address and a password, or using Google Sign-In
Note that changing the password of an identity provider account (e.g. "changing the Google account password" as you mentioned) has no impact at all on the uid or on the other user account elements (actually the identity provider password is not stored in Firebase Auth).
So, in conclusion, using the uid generated by the Auth service is the best solution for your requirement.
I knew it is raised already, but i want to clear and sum it up.
I use FireBase authentication to allow the following Sign Up:
Facebook
Google
Email
When signed up with Email, but later decide you want to change credential to Facebook (Having the same email) You receive an error. Same issue from Google to Facebook.
The Error:
An account already exists with the same email address but different
sign-in credentials. Sign in using a provider associated with this
email address.
However, if you Logged with Facebook or Email you CAN change your credential to Google.
Theoretically you can allow multiple accounts with the same email:
However, it means (from what i understood) Firebase auth will generate a unique UserID for each additional credential which means that if you use UserID to track data of user (messages, score, etc..) you need somehow track all UserIDs from all credentials. This can ruin one of Firebase authentication purposes.
If you decide to go this way, you will need to link the accounts using LinkWithCredentialAsync. As i understood this can be ONLY be done if you are LOGGED IN with your other credential.
I rising this because i was disappointed to discover this only after implementing Firebase.
The solution from this thread Stackoverflow thread is creative (see pupadupa scheme), but i do not want to go this way.
If someone can add on to this and found some sort of solution, please post it.
In my app, if a user registers using email and password, but later tries to log in or register using a Google account that shares that email, the account gets converted to a Google account and the user can no longer sign in with their email and password. I've configured the project with One account per email address setting on.
Is there any way of preventing this?
This is the expected behavior as Google accounts are verified: Firebase Overwrites Signin with Google Account
There are 2 ways around this:
1. Verify emails of password users. Google provider will be added to the account without unlinking the password if the user is verified.
2. You will need to switch to "multiple accounts per email", but this means 2 accounts will be created here, one email/password and another for Google.
I recommend the first approach. Firebase Auth does this for security reasons. Any person can claim an email. Unless the ownership is verified, the password must be unlinked to prevent the impersonator from gaining access to the account.
I am building a web and mobile app using firebase. When signing with Google, firebase auto creates a new account in the project (Auth) if one does not exist. Its fine with the mobile app.
But with the web, I just want existing users (who created accounts with mobile app) to signin and not create new accounts via web.
How do I setup firebase not to create new accounts if one does not exist?
There isn't a way to restrict social sign-in with Firebase Auth to "only sign in, not sign up".
If you have a means of detecting users that have signed in using the app at some point (e.g. by writing a value to your database in a specific location), you could check for that value when signing in via the web, and, if missing, display a screen encouraging users to install the mobile app.
I think this is what you are looking for:
Link Multiple Auth Providers to an Account Using
JavaScript
You can allow users to sign in to your app using multiple
authentication providers by linking auth provider credentials to an
existing user account. Users are identifiable by the same Firebase
user ID regardless of the authentication provider they used to sign
in. For example, a user who signed in with a password can link a
Google account and sign in with either method in the future. Or, an
anonymous user can link a Facebook account and then, later, sign in
with Facebook to continue using your app.
There are many people who own multiple facebook or twitter accounts. And maybe they would like to merge their accounts in another service
Such as, I have 2 facebook accounts and want to access a game from both account. So if one account got deleted, I can login another to got access to the same
Is it possible in firebase? And how could I do?
Yes, Firebase Auth supports that via the Account Linking API.
User login into Firebase with the first Facebook account.
getCurrentUser() gives you the Firebase user.
Prompt the user to login with second Facebook account.
Link the second Facebook token:
getCurrentUser().linkWithCredential(facebookTokenCredential)
For the moment that is not possible. Firebase set an uuid for each facebook account when login for first time.