Closed felipe-gouveia closed 6 years ago
@felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:
Hey @felipe-gouveia, this is currently work as intended.
To learn more why the Facebook provider is overwritten, check the following posts: https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ
Please check this post on Facebook not being considered a verified
email provider:
https://github.com/firebase/firebase-js-sdk/issues/340
If you are willing to take the risks here, I think you can set emailVerified
to true on Facebook sign-up using the admin SDK: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
Easiest way to do it is via Firebase cloud function onCreate Auth event.
Thank you @bojeil-google for weighing in!
@bojeil-google @samtstern even if I set emailVerified
to true with Firebase cloud function onCreate, Google continues to overwriting facebook auth. What should I do next?
Seems like a backend issue. Can you file a ticket with Firebase Support? I will try to recreate this next week to confirm.
@bojeil-google did you guys figure out a way to fix this. I couldn't find a resolution to prevent Facebook from being overwritten by google.
Sorry about this. I was able to replicate the issue and filed an internal bug to fix it.
Did this ever get fixed? Even after setting emailVerified to true using the admin-sdk, facebook still gets overwritten.
This wouldn't be nearly as bad if I could at least give my user some feedback to let them know this is happening.
@Motoxpro They said this is a expect behavior and don't have any plans to change it. :/
Hey folks, if the email is verified (after Facebook sign-in) and you sign in with Google, the Facebook provider will be retained. This issue should be fixed now. Please let us know if you encounter any issues with that.
But @bojeil-google - This doesn't help if the user has first signed in using Google, Apple Sign in etc. And then decides to sign in using Facebook. Then due to the Facebook guidelines, one should consider the facebook email verified and merge the account.
https://developers.facebook.com/docs/facebook-login/multiple-providers#associating2
It is a little weird that Google has let this hang for years, without fixing it. Indeed now that you have included Apple Sign In in Firebase, and here you do in fact trust the email. So come on, lets get the facebook emailVerified set to true by default, or give os the option to decide our self in the Firebase Console. - Using the admin SDK to set emailVerified = true for Facebook is not good enough, because that only works if the Facebook account is the first created one.
Folks! I created an account with Email + Password, then I logged out and logged in with Google which has my exact email address. At this moment, my previously existing password was eliminated. Is there a way to maintain the password without allowing multiple account per email address?
@felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:
- A bug in FirebaseUI
- A bug in Firebase Auth
- "Working as intended" since we have some special provisions for Google accounts
I'll say is a Firebase issue. It also happen with Flutter as well.
Did Facebook become trusted auth provider since?
I am reading Firebase docs: Handling account-exists-with-different-credential Errors
If you enabled the One account per email address setting in the Firebase console, when a user tries to sign in a to a provider (such as Google) with an email that already exists for another Firebase user's provider (such as Facebook), the error
auth/account-exists-with-different-credential
is thrown along with anAuthCredential
object (Google ID token). To complete the sign in to the intended provider, the user has to sign first to the existing provider (Facebook) and then link to the formerAuthCredential
(Google ID token).
Or the docs in the example is wrong since Google provider will overwrite Facebook auth provider implicitly?
I was just able to replicate this, so this issue still exists. Very unintuitive and not in agreement with docs as outlined by maRci002.
Same problem, with Flutter x Firebase. Google Sign In override accounts created with email and password.
why is this closed ? it is still replicable and a problem today..
Step 1: Are you in the right place?
Yes. :)
Step 2: Describe your environment
FirebaseUI version: 3.2.2
Would like to point out that this issue is not new. Has been noticed for a couple months now.
Step 3: Describe the problem:
Facebook provider is overwritten by Google provider when Google login is used after Facebook login. This issue happens even if the Facebook login is already email verified.
Steps to reproduce:
Now both providers show up. No issue when using Facebook login after Google login.
I would also like to point out that this issue does not happen when using email provider. If the user logs with email and then with Google it will work as intended, mantaining both providers.
Observed Results:
Expected Results: