
In my app, if a user registers using email and password, but later tries to log in or register using a Google account that shares that email, the account gets converted to a Google account and the user can no longer sign in with their email and password. I've configured the project with the "One account per email address" setting on.

Is there any way of preventing this?

KENdi
Joe Zim

1 Answer


This is the expected behavior as Google accounts are verified: Firebase Overwrites Signin with Google Account

There are 2 ways around this:

1. Verify emails of password users. Google provider will be added to the account without unlinking the password if the user is verified.
2. You will need to switch to "multiple accounts per email", but this means 2 accounts will be created here, one email/password and another for Google.

I recommend the first approach. Firebase Auth does this for security reasons. Any person can claim an email. Unless the ownership is verified, the password must be unlinked to prevent the impersonator from gaining access to the account.

bojeil
  • I went to the Firebase support email system and have been back and forth with them, but they never bothered to tell me about #1. They just told me this was intended because Google is the "trusted provider" for Gmail accounts. THANK YOU. – Joe Zim Oct 30 '18 at 15:58
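
The rule the answer describes can be seen in a small model, added here as an illustration; it is not part of the original answer and is not Firebase code or its API. All function and field names are hypothetical, and the email and secret are constructed sample values.

```javascript
// Simplified model of the rule described in the answer above. Not Firebase code:
// every function and field name here is hypothetical.
function createPasswordAccount(store, email, secret) {
  if (store.has(email)) throw new Error('email already in use');
  // `secret` stands in for a stored password hash; a real system never keeps plaintext.
  store.set(email, { providers: new Set(['password']), secret, emailVerified: false });
}

// Called once the user has proven mailbox ownership (e.g. clicked a verification link).
function verifyEmail(store, email) {
  store.get(email).emailVerified = true;
}

function signInWithPassword(store, email, secret) {
  const acct = store.get(email);
  return Boolean(acct && acct.providers.has('password') && acct.secret === secret);
}

// Sign-in through a provider that has itself verified the email (Google, in the question).
function signInWithTrustedProvider(store, email, provider = 'google.com') {
  let acct = store.get(email);
  if (!acct) {
    acct = { providers: new Set(), secret: null, emailVerified: false };
    store.set(email, acct);
  }
  if (acct.providers.has('password') && !acct.emailVerified) {
    // Whoever set this password never proved they own the mailbox, so it may
    // belong to someone other than the verified owner now signing in: drop it.
    acct.providers.delete('password');
    acct.secret = null;
  }
  acct.providers.add(provider);
  acct.emailVerified = true; // the trusted provider vouches for the address
  return [...acct.providers].sort();
}

// Constructed scenario: password sign-up, optional verification, then Google sign-in.
function scenario(verifyFirst) {
  const store = new Map();
  const email = 'user@example.com', secret = 'constructed-secret';
  createPasswordAccount(store, email, secret);
  if (verifyFirst) verifyEmail(store, email);
  const providers = signInWithTrustedProvider(store, email);
  return { providers, passwordStillWorks: signInWithPassword(store, email, secret) };
}

console.log(scenario(false), scenario(true));
```

With `verifyFirst` false the password is unlinked and only the Google provider remains; with it true both providers stay on the one account, which is the first approach the answer recommends.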