Reputation: 2070
Firebase Auth Linking Merging of accounts issues
I have my app set up so that users can use it without logging in. This includes being able to save data. Each device/browser tuple generates a new anonymous user account for storing data.
I'm in the process of adding (facebook) login so that users can make sure their data persists across browsers and devices.
The firebase documentation shows how to handle a case where a user tries to link their account from multiple anonymous accounts and recommends an approach for merging data:
https://firebase.google.com/docs/auth/web/account-linking
My problem with this approach is that it deletes the original account that was linked which essentially boots the first account out of it's logged in state.
Imagine this flow for a single user:
- Logs into device A & saves data
- Logs into device B & saves more data.
- On device A begins "login" flow using facebook for and ends up linking facebook credentials.
- On device B they login/link facebook again (linking fails so we must use an alternate method for recourse).
- The process recommended deletes the original account generated on device A & they must log in using facebook again on this device.
I've implemented a different process which doesn't result in device A being booted, and instead logs device B into the account generated on device A. My problem with this flow is that I can't delete the user data from device B once I've successfully logged in to device A because I'm using access control rules on firebase so that user data may only be modified by the logged-in user who it belongs to.
potential (suboptimal) solutions:
- Delete the user data before logging into the other account but then if it fails at any point user data is lost.
- Upon successful login to account A I could then log out, log into account B, delete B's data and then log back in to account A but this solution seems very inelegant.
I'm confused as to why the example in firebase docs seems to have this glaring issue and wondering what the best practice for this situation is.
Upvotes: 3
Views: 192
Answers (1)
Reputation: 2070
I got no responses, but I implemented what I find to be an "elegant enough" solution to the problem.
Instead of deleting the prevUser's account & data after succesful login to the other account, I just delete the account:
I implemented a firebase function to handle the deletion of the orphaned user data:
Upvotes: 2
Related Questions
- Linking accounts in AngularFire2
- Merging more than 2 accounts into one
- Firebase Auth : Linking Anonymous Account
- Firebase auth linking error - User can only be linked to one identity for the given provider
- Firebase Phone Auth along with account linking
- Firebase Auth: link two pre-existing accounts
- How to correctly link different Auth accounts in Firebase IOS
- Firebase account linking error
- Firebase authentication: linking multiple accounts in Swift
- Firebase linking multiple auth providers without matching email