Closed felipe-gouveia closed 6 years ago
samtstern
commented
6 years ago @felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:
bojeil-google
commented
6 years ago Hey @felipe-gouveia, this is currently work as intended.
To learn more why the Facebook provider is overwritten, check the following posts: https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ
Please check this post on Facebook not being considered a verified email provider:
https://github.com/firebase/firebase-js-sdk/issues/340
If you are willing to take the risks here, I think you can set emailVerified to true on Facebook sign-up using the admin SDK: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
Easiest way to do it is via Firebase cloud function onCreate Auth event.
samtstern
commented
6 years ago Thank you @bojeil-google for weighing in!
itelo
commented
6 years ago @bojeil-google @samtstern even if I set emailVerified to true with Firebase cloud function onCreate, Google continues to overwriting facebook auth. What should I do next?
bojeil-google
commented
6 years ago Seems like a backend issue. Can you file a ticket with Firebase Support? I will try to recreate this next week to confirm.
ghost
commented
6 years ago @bojeil-google did you guys figure out a way to fix this. I couldn't find a resolution to prevent Facebook from being overwritten by google.
bojeil-google
commented
6 years ago Sorry about this. I was able to replicate the issue and filed an internal bug to fix it.
Motoxpro
commented
5 years ago Did this ever get fixed? Even after setting emailVerified to true using the admin-sdk, facebook still gets overwritten.
This wouldn't be nearly as bad if I could at least give my user some feedback to let them know this is happening.
itelo
commented
5 years ago @Motoxpro They said this is a expect behavior and don't have any plans to change it. :/
bojeil-google
commented
5 years ago Hey folks, if the email is verified (after Facebook sign-in) and you sign in with Google, the Facebook provider will be retained. This issue should be fixed now. Please let us know if you encounter any issues with that.
janniklind
commented
4 years ago But @bojeil-google - This doesn't help if the user has first signed in using Google, Apple Sign in etc. And then decides to sign in using Facebook. Then due to the Facebook guidelines, one should consider the facebook email verified and merge the account.
https://developers.facebook.com/docs/facebook-login/multiple-providers#associating2
It is a little weird that Google has let this hang for years, without fixing it. Indeed now that you have included Apple Sign In in Firebase, and here you do in fact trust the email. So come on, lets get the facebook emailVerified set to true by default, or give os the option to decide our self in the Firebase Console. - Using the admin SDK to set emailVerified = true for Facebook is not good enough, because that only works if the Facebook account is the first created one.
MemphisMeng
commented
3 years ago Folks! I created an account with Email + Password, then I logged out and logged in with Google which has my exact email address. At this moment, my previously existing password was eliminated. Is there a way to maintain the password without allowing multiple account per email address?
carrasc0
commented
2 years ago @felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:
- A bug in FirebaseUI
- A bug in Firebase Auth
- "Working as intended" since we have some special provisions for Google accounts
I'll say is a Firebase issue. It also happen with Flutter as well.
maRci002
commented
2 years ago Did Facebook become trusted auth provider since?
I am reading Firebase docs: Handling account-exists-with-different-credential Errors
If you enabled the One account per email address setting in the Firebase console, when a user tries to sign in a to a provider (such as Google) with an email that already exists for another Firebase user's provider (such as Facebook), the error
auth/account-exists-with-different-credentialis thrown along with anAuthCredentialobject (Google ID token). To complete the sign in to the intended provider, the user has to sign first to the existing provider (Facebook) and then link to the formerAuthCredential(Google ID token).
Or the docs in the example is wrong since Google provider will overwrite Facebook auth provider implicitly?
martinralfreindl
commented
2 years ago I was just able to replicate this, so this issue still exists. Very unintuitive and not in agreement with docs as outlined by maRci002.
bulgarian-beast
commented
2 years ago Same problem, with Flutter x Firebase. Google Sign In override accounts created with email and password.
yaberkane05
commented
1 year ago why is this closed ? it is still replicable and a problem today..
Step 1: Are you in the right place?
Yes. :)
Step 2: Describe your environment
FirebaseUI version: 3.2.2
Would like to point out that this issue is not new. Has been noticed for a couple months now.
Step 3: Describe the problem:
Facebook provider is overwritten by Google provider when Google login is used after Facebook login. This issue happens even if the Facebook login is already email verified.
Steps to reproduce:
Now both providers show up. No issue when using Facebook login after Google login.
I would also like to point out that this issue does not happen when using email provider. If the user logs with email and then with Google it will work as intended, mantaining both providers.
Observed Results:
Expected Results: