🐛 [FirebaseAuth] Apple Sign in Method when user already have Microsoft account forcefully changes provider instead of throwing account-exists-with-different-credential

[vitor-soares-iteam]

Bug report

We have Microsoft Sign in and Apple Sign in implemented within our app. I have an Apple ID with the same e-mail as my microsoft Azure AD e-mail. At first I had created an microsoft account

Then, I tried to log in using Apple sign in using the same e-mail registered with my microsoft account. with "await FirebaseAuth.instance.signInWithCredential(appleCredential);"

The expected outcome was an exception with the code: "account-exists-with-different-credential" Since I already had a microsoft account with that e-mail.

Instead, my account was simply changed into an apple provider account, resulting in some unexpected outcomes. Including not being able to access through the microsoft credential anymore.

The Microsoft sign in is made calling the method "signInWithProvider(MicrosoftAuthProvider())" and it works fine and gives the expected outcome: "throws exception with code account-exists-with-different-credential".

Since this bug needs apple authentication and microsoft authentication implemented, its quite hard to provide code to reproduce this behavior.

Let me know if I can help with anything else.

Edit: When I tried doing the same with an E-mail provider account the result was that the two providers were automatically merged.

Apparently only when the account is based on microsoft provider the microsoft provider gets replaced.

[darshankawar]

Thanks for the report @vitor-soares-iteam Can you provide what platform are you seeing this behavior on ? (Android, iOS or web) ? Can you take a look at the plugin example and use the same scenario and see if using it, you get same behavior or not ?

I tried to log in using Apple sign in using the same e-mail registered with my microsoft account.

This probably could be a reason as the email id is same in your case and could be creating the conflict. Is there a way for you to verify this using different email id, ie, apple and micrsoft with different email ids ?

[vitor-soares-iteam]

Hello, @darshankawar . Thanks for the fast reply! Here are the follow-ups on your questions:

• Can you provide what platform are you seeing this behavior on ? (Android, iOS or web) ? A: Experiencing this behavior on Flutter when using iOS devices.

• Can you take a look at the plugin example and use the same scenario and see if using it, you get same behavior or not ? A: The plugin example doesn't implement microsoft sign in nor apple sign in. This can't be tested with the example.

• This probably could be a reason as the email id is same in your case and could be creating the conflict. Is there a way for you to verify this using different email id, ie, apple and microsoft with different email ids ? A: If I use different e-mails, then different accounts would be created successfully. The purpose of this is that I actually expect the conflict to happen, and firebaseAuth plugin is expected to throw an exception with the "account-exists-with-different-credential" code. Which is not happening, firebase is changing the provider of that e-mail from microsoft to apple. (This is an error handling scenario that is not throwing errors when it should)

Best regards,

[darshankawar]

Thanks for the feedback.

• The plugin example doesn't implement microsoft sign in nor apple sign in. This can't be tested with the example.

It does have both sign-in implementations as you can see below:

https://github.com/firebase/flutterfire/blob/6380a278812d2b046e59376a64df92210397282d/packages/firebase_auth/firebase_auth/example/lib/auth.dart#L105

https://github.com/firebase/flutterfire/blob/6380a278812d2b046e59376a64df92210397282d/packages/firebase_auth/firebase_auth/example/lib/auth.dart#L96

I unfortunately don't have MS and Apple accounts with same email id, so can't recreate / replicate this behavior myself. With different emails though, it works as expected.

I am keeping this issue open for team's attention and insights on expected behavior.

[darshankawar]

/cc @Lyokone

[vitor-soares-iteam]

@darshankawar thans for linking the file of the correct example. I was looking the one on pub.dev page. Sorry. Anyway, I've tested with the same implementation from the example:

      final appleProvider = AppleAuthProvider();
      appleProvider.addScope('email');
      UserCredential credential = await FirebaseAuth.instance.signInWithProvider(appleProvider);

This approach has the same problem ( Previous Microsoft account gets replaced with apple provider)

The approach I'm currently using is:

       final AuthorizationResult result = await TheAppleSignIn.performRequests([
         AppleIdRequest(requestedScopes: [Scope.email, Scope.fullName])
       ]);
       final appleIdCredential = result.credential;
       final AuthCredential appleCredential = OAuthProvider('apple.com').credential(
         accessToken: String.fromCharCodes(appleIdCredential!.authorizationCode!),
         idToken: String.fromCharCodes(appleIdCredential.identityToken!),
       );
      UserCredential credential = await FirebaseAuth.instance.signInWithCredential(appleCredential);

Notice the example implementation calls signInWithProvider, and the implementation I'm currently using calls signInWithCredential.

The problem reported about the Apple provider replacing Microsoft provider happened on both implementations.

Hope this information helps a bit.

Best regards,

P.S: Another thing I noticed is that even adding "appleProvider.addScope('full_name');" the attributes "givenName" and "familyName" returned by apple are not present on the first oficial example approach. With the approach I'm currently using that uses the "TheAppleSignIn" plugin to retrieve an AppleIdCredential gives me access to those attributes.