0
votes

I've been trying to set up an application that supports 3 types of Authentication:

- Email / password
- Google (OAuth)
- Facebook (OAuth)

In Firebase > Authentication > Sign-in methods, I've enabled the 3 options mentioned above. In Firebase > Authentication > Advanced, I have the following set: "Prevent creation of multiple accounts with the same email address"

Just FYI, the password I use in my app to create an account with [Email/password] is different from my Google account, which is also different from my Facebook account (3 separate passwords - very real world scenario)

I want a user to Sign up with whatever provider they want to and then later on, link any other available sign-in / authentication options.

I can manage to properly set up [Email / Password] or the OAuth providers (Google and Facebook). But, when I try and integrate all 3 together, all hell breaks loose. Some noted errors:

  1. Scenario A)

    • Create user with email / password / sign in / sign out (works fine)
    • Login with Google OAuth (associated to same email) as above, accounts are linked together / sign in / sign out
    • attempt to login with email/ password again -> ERROR
      • Google OAuth seems to have overridden the previous account settings
  2. Scenario B)

    • Create user with email / password / sign in / sign out (works fine)
    • Login with Facebook OAuth (associated to same email) as above, accounts are linked together but get an error when attempting to login because my password used doesn't match my Facebook password. Yet this DOESN'T HAPPEN when I link my Google and Facebook accounts together. Why this issue with [Email/password] and OAuth providers?

I know there have been some updates / changes recently within Firebase, maybe the documentation / examples I checked weren't up-to-date. Has anyone successfully been able to use [Email/password] authentication with OAuth providers as well? Can anyone provide a good example online or some recent documentation I can take a look at?

Btw, running code in Angular5 if that helps. Thanks in advance for any help.

JB

1

1 Answer

1
votes

Scenario A) happens because the email/password is unverified. The account is unlinked to prevent hijacking. For example, I can claim another person's Google email and create an email/password account. The owner of that Google account will then try to log in to that account. I should lose access to it. To solve, try verifying the email after the email/password account is created. The verified account will not be unlinked.

Scenario B) This does not happen because of the passwords. Firebase doesn't have access to your Facebook or Google password. Are you sure you are linking the account correctly? When you try to log in with Facebook using the same email as the existing email/password account, you will get an error that the credential already exists (the error also returns the Facebook credential). You will need to first sign in to the existing email/password account and then link the Facebook credential to that account.
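
The two fixes described in the answer above, as an added example that is not part of the original answer or of Firebase's own samples. It assumes the Firebase JS SDK v8 namespaced method names; `askPassword` is a hypothetical app callback that prompts the user for the password of the existing account.

```javascript
// Added example. `auth` is firebase.auth(); `provider` is e.g.
// new firebase.auth.FacebookAuthProvider(). askPassword is hypothetical.
const EXISTS = 'auth/account-exists-with-different-credential';

// Scenario A: verify the email right after sign-up, so a later OAuth sign-in
// with the same address does not unlink the (unverified) password.
async function signUpWithEmail(auth, email, password) {
  const created = await auth.createUserWithEmailAndPassword(email, password);
  await created.user.sendEmailVerification();
  return created.user;
}

// Scenario B: on "account exists", sign in to the existing account first,
// then link the OAuth credential that the error handed back.
async function signInAndLink(auth, provider, askPassword) {
  try {
    const result = await auth.signInWithPopup(provider);
    return { user: result.user, linked: false };
  } catch (err) {
    if (err.code !== EXISTS) throw err; // unrelated failure: do not mask it
    const pending = err.credential;     // the Facebook/Google credential
    const methods = await auth.fetchSignInMethodsForEmail(err.email);
    if (!methods.includes('password')) {
      // Existing account belongs to another OAuth provider: the caller has
      // to sign in with that provider first, then link `pendingCredential`.
      const e = new Error('Sign in with ' + methods[0] + ' first');
      e.requiredMethod = methods[0];
      e.pendingCredential = pending;
      throw e;
    }
    // Proving ownership of the existing account is what makes linking safe.
    const password = await askPassword(err.email);
    const existing = await auth.signInWithEmailAndPassword(err.email, password);
    const linked = await existing.user.linkWithCredential(pending);
    return { user: linked.user, linked: true };
  }
}
```

After a successful link, the same user record lists both `password` and the OAuth provider, so either sign-in method reaches the same account.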