search

FirebaseExtended / polymerfire

Polymer Web Components for Firebase
https://www.webcomponents.org/element/firebase/polymerfire
MIT License
459 stars 142 forks source link

Google provider overrides Twitter and others #254

Open colincannon-acp opened 6 years ago

colincannon-acp commented 6 years ago

Description

After logging in and logging out with twitter sign on a firebase user is created with twitter as the provider. Next if I log in with the same email address and use google as the provider, the provider in the firebase user console is changed to google.

Expected outcome

Firebase should return an error that says: "An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address."

Actual outcome

Instead, the provider is changed from twitter to google for the firebase user. And the user can not sign in in the future with twitter, because the provider is set to google.

Live Demo

Steps to reproduce

  1. Using polymerfire, sign in to your application with twitter with a user that is not yet a firebase user.
  2. Log into your firebase console and go to authentication > users and find the new user to confirm that the provider is twitter.
  3. Log out of your application and sign in with google.
  4. Go back to your firebase console and refresh the user list to confirm that the provider has been changed from twitter to google.

Browsers Affected

tjmonsi commented 6 years ago

I think this can be fixed with #256 by linking additional providers. I'll check on this as well by the weekend

khammami commented 6 years ago

@colincannon-acp check Firebase console > Authentication > SIGN-IN METHOD > "one account per email address" if it's active. you have to enable it. once you have signed in with one of the available providers you've to mange the linking others to Firebase account tied to the first provider that you have used it to create the account.

=>https://firebase.google.com/docs/auth/web/account-linking