search

firebase / firebase-tools

The Firebase Command Line Tools
MIT License
4.02k stars 935 forks source link

Auth Emulator don't raise 'auth/account-exists-with-different-credential' errors #3518

Open Bullfrog1234 opened 3 years ago

Bullfrog1234 commented 3 years ago

[REQUIRED] Describe your environment

[REQUIRED] Describe the problem

When using the emulators signInWithPopup with two different providers (e.g. google and facebook) with the same email addresses does not raise the auth/account-exists-with-different-credential error .

The result that is returned is both providers linked to the same account. This does not emulate the real environment and makes testing code associated with linking accounts impossible in the emualtors.

Could also be an issue with signInWithRedirect I have not checked.

Note: createUserWithEmailAndPassword works as expected

Steps to reproduce:

  1. Use emulators in project
  2. Create an account using signInWithPopup with any provider
  3. Create a second account with a different provider using signInWithPopup making sure to use the same account
  4. Expect error: auth/account-exists-with-different-credential Does not arrive.
  5. Check emaultor UI and find the accounts are now linked without you doing anything

Note: No errors are raised in this process to pass on.

rosalyntan commented 3 years ago

Hi @Bullfrog1234, thanks for filing this! We are unable to promise any timeline for this, but if others also have this issue, adding a +1 on this issue can help us prioritize adding this to the roadmap.

(Googler-only internal tracking bug: b/191680800)

Bullfrog1234 commented 3 years ago

Hi @rosalyntan, understand this may not be fixed in the near term. Just wanted to get it on the roadmap for sometime.

maRci002 commented 2 years ago

When using the emulators signInWithPopup with two different providers (e.g. google and facebook) with the same email addresses does not raise the auth/account-exists-with-different-credential error .

The result that is returned is both providers linked to the same account. This does not emulate the real environment and makes testing code associated with linking accounts impossible in the emualtors.

Note: auth/account-exists-with-different-credential should be thrown only if account is linked to Google and user wants to sing in with Facebook because other way around Google overwrites Facebook provider for security reasons.

However if two providers are trusted like: Google and Apple then The result that is returned is both providers linked to the same account this is the expected behavior.