I am making a login with Firebase (v3) Auth and I hit this problem:
- The user first signs up by email and password.
- Exit.
- Log in to Google later.
I expect the error to complain about the email address being used for another account, and then ask the user to enter a password to link the accounts, but instead, Firebase silently removes the email login method and password and returns a successful message .
Code for authentication with Google:
var provider = new firebase.auth.GoogleAuthProvider(); firebase.auth().signInWithPopup(provider).then( result => { console.log("federated (google) result", result); }, error => { console.log("federated (google) error", error); } );
Code for authentication by email and password:
// Login: firebase.auth().signInWithEmailAndPassword(this.state.email, this.state.password).then( ok => { console.log("email/pass sign in success", ok); }, error => { console.log("email/pass sign in error", error); } ) // Register: firebase.auth().createUserWithEmailAndPassword(this.state.email, this.state.password).then( ok => { console.log("Register OK", ok); }, error => { console.log("Register error", error); } )
I see in the manual that account binding is done by first signing with the user with their current provider / method and only then request credentials / get tokens for the new authentication method / provider. In my case, I don't know if they have other authentication providers until too late (Firebase overwrites it).
Is there a way to detect that email has already been done before Firebase overwrites the details of an existing account and asks the user to enter a password and link accounts? Or, better yet, link accounts automatically because they are logged in with Google and email addresses?
javascript firebase firebase-authentication
Vlad V
source share