3

I currently have the "One account per email address" setting on on Firebase Authentication. The problem is when a user logs in with Google OAuth using the same email address that was already used to create an email/password account, Google OAuth automatically replaces the email/password provider with its own.

I have the following set up on my error handling process so that a user could be prompted the choice to link the two accounts or not:

 if (error.code === 'auth/email-already-in-use' || error.code === 'auth/credential-already-in-use' || error.code === 'auth/account-exists-with-different-credential')

but Google OAuth doesn't even incur any error for me to catch. It simply and silently replaces the existing account.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Kevvv
  • 3,655
  • 10
  • 44
  • 90
  • 1
    Some providers are the trusted provider for certain email addresses. Specifically, the Google provider is the trusted provider for `@google.com`, `@gmail.com` and `@googlemail.com` addresses, and Microsoft is the preferred provider for `@outlook.com` addresses. For full details, see https://stackoverflow.com/q/40766312, https://github.com/firebase/FirebaseUI-Android/issues/1180, https://groups.google.com/d/msg/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ, and https://stackoverflow.com/a/46459975/209103 – Frank van Puffelen Jan 19 '20 at 02:33
  • @FrankvanPuffelen thank you for this. Is it possible to unlink the two accounts when the user chooses to do so further down the road? I know this can be done with `user.unlink(providerId)` with other providers, but I wonder if the same applies to the "trusted providers" – Kevvv Jan 19 '20 at 02:42
  • I don't think so as the accounts are not linked as far as I know. – Frank van Puffelen Jan 19 '20 at 16:16

1 Answers1

0

By default, Firebase allows one email per user. If a user who has already signup with email and password later sign in with Google OAuth. these user details are updated to the Google OAuth User details. Also, the email is automatically verified. THIS HOW MOST APP WORKS. You can prevent that by trying this

 const googlesignin =document.querySelector('#g-A-oauth')
 googlesignin.addEventListener('click', e=>{
      e.preventDefault()
 admin.auth().getUserByEmail('exampşe@email.com')
  .then(function(userRecord) {
    //if user email exist do something
    console.log('you already signin with wmail and password')
  })
  .catch(function(error) {
    firebase.auth().signInWithPopup(provider).then(function(result) {
  // This gives you a Google Access Token. You can use it to access the Google API.
  var token = result.credential.accessToken;
  // The signed-in user info.
  var user = result.user;
  // ...
}).catch(function(error) {
  // Handle Errors here.
  var errorCode = error.code;
  var errorMessage = error.message;
  // The email of the user's account used.
  var email = error.email;
  // The firebase.auth.AuthCredential type that was used.
  var credential = error.credential;
  // ...
});

  });
})
Medvik
  • 75
  • 1
  • 6
  • my issue is it doesn't incur an error so `signInWithPopup` in your example wouldn't be triggered – Kevvv Jan 19 '20 at 02:21
  • well, you can fetch the user email and check the previous method used to sign in then you can choose to sign the user up or trow an error. Good luck – Medvik Jan 19 '20 at 02:30
  • I am having the similar issue. I want to use both google and email/password with same uid. but firebase keeps replacing email with google. – lazzy_ms Jan 06 '21 at 07:44