Open thasu24 opened 2 weeks ago
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
We are experiencing a very similar issue but we just using firebase auth in our system we started having email conflicts about 1 month ago for a small percentage of new users when check their emails in fireauth they had same email with different uid's as well We do not use any oauth providers only email and password
We have had the same issue happen again on Sept 11th. We have logs from the auth onCreate trigger that show 2 accounts being create within less than 1 minute. There is also a similar recent report on StackOverflow, but we couldn't find any follow up to that issue being reported to Firebase Support (see https://stackoverflow.com/questions/78906884/users-has-2-accounts-with-same-email-and-provider).
Operating System
Unknown (production customer)
Environment (if applicable)
React 18.2.0 (browser unknown)
Firebase SDK Version
10.12.2
Firebase SDK Product(s)
Auth
Project Tooling
React
Detailed Problem Description
We are seeing duplicate accounts in the Firebase Auth UI that were created with the same email address with different UIDs.
Our application uses createUserWithEmailAndPassword(auth, email, password), and we have a Cloud function onCreate that is triggered when a new account is created.
We have logs from the onCreate cloudfunction that show that the function was triggered twice at the time the duplicate accounts were created. There were no other accounts created within the hour before or after. The timestamps for the two events are 600 ms apart:
Function execution started: 2024-08-27T00:53:47.030317366Z
Function execution started: 2024-08-27T00:53:47.632004145Z
The impact of this is that a customer made a purchase, but was unable to access that purchase, as the purchase was in the account with the first UID that was created, which we suspect is now "hidden" behind the second account that was created with the same email address.
We have "Link accounts that use the same email" set in order to link accounts from different providers. Our understanding was that it should not be possible to have duplicate accounts created through the same method (in this case createUserWithEmailAndPassword).
We are not able to reproduce this, as attempting to create an account twice with the same email address result in an "auth/email-already-in-use".
We could not find any other similar bug reports, but did find this discussion on reddit that might be related to the same behavior: https://www.reddit.com/r/Firebase/comments/1dekmoz/hey_im_having_a_problem_with_authentication/
Steps and code to reproduce issue
Not possible, as it was a customer action in our production system.