Reputation: 213
Integration OAuth with Email/password in Firebase
I've been trying to setup an application that supports 3 types of Authentication: - Email / password - Google (OAuth) - Facebook (OAuth)
In Firebase > Authentication > Sign-in methods, I've enabled the 3 options mentioned above. In Firebase > Authentication > Advanced, I have the following set: "Prevent creation of multiple accounts with the same email address"
Just FYI, the password I use in my app to create an account with [Email/password] is different from my Google account, which is also different from my Facebook account (3 separate passwords - very real world scenario)
- [Email/password]: [email protected], Password123
- [Google]: [email protected], Password456
- [Facebook]: [email protected], Password789
I want a user to Sign up with whatever provider they want to and then later on, link any other available sign-in / authentication options.
I can manage to properly setup [Email / Password] or the OAuth providers (Google and Facebook). But, when I try and integrate all 3 together, all hell breaks loose. Some noted errors:
Scenario A)
- Create user with email / password / sign in / sign out (works fine)
- Login with Google OAuth (associated to same email) as above, accounts are linked together / sign in / sign out
- attempt to login with email/ password again -> ERROR
- Google OAuth seems to have overridden the previous account settings
Scenario B)
- Create user with email / password / sign in / sign out (works fine)
- Login with Facebook OAuth (associated to same email) as above, accounts are linked together but get an error when attempting to login because my password used doesn't match my Facebook password. Yet this DOESN'T HAPPEN when I link my Google and Facebook accounts together. Why this issue with [Email/password] and OAuth providers?
I know there have been some updates / changes recently within Firebase, maybe the documentation / examples I checked weren't up-to-date. Has anyone successfully been able to [Email/password] authentication with OAuth providers as well? Can anyone provide a good example online or some recent documentation I can take a look at?
Btw, running code in Angular5 if that helps. Thanks in advance for any help.
JB
Upvotes: 0
Views: 825
Answers (1)
Reputation: 30798
Scenario A) happens because the email/password is unverified. The account is unlinked to prevent hijacking. For example I can claim another person's google email and create an email/password account. The owner of that Google account will then try to login to that account. I should lose access to it. To solve, try verifying the email after the email/password account is created. The verified account will not be unlinked.
Scenario B) This does not happen because of the passwords. Firebase doesn't have access to your Facebook or Google password. Are you sure you linking the account correctly? When you try to login with Facebook using the same email as existing email/password, you will get an error that the credential already exists (the error also returns the Facebook credential), you will need to first sign in to the existing email/password account and then link the Facebook credential to that account.
Upvotes: 3
Related Questions
- firebase email/password auth with REST API
- Firebase Authentication API Email/Password Android
- firebase authentication with email and username and password
- How can i login to Firebase using the details of email authentication
- Firebase Authentication With Email & Password
- Firebase Authentication using email/password
- Firebase Email and Password Authentication with android - User sign up
- Firebase Authentication connect Email with Phone
- firebase simple email password authentication
- Logging in via Firebase Email/Password