Firebase recover password transforms account type

0
votes

we are building an angular 5 app with Firebase. We allow users to login with email+password or google account and we don't allow to have multiple accounts related to the same email address. We built a form to allow users to ask for a Password Reset Email if they forgot their email password credentials and works perfectly if the user has an email+password account.

The problem arises when the reset email is asked for a google account. We'd expect for firebase to throw an error, not allowing to send the email, but the email is sent and if the user proceeds resetting the email the account is transformed from google type to an email+password.

Is there a way to prevent this behaviour ?

1
firebasefirebase-authentication
Under the current user object, there is a property called "providerData" which is an array of all the auth providers linked to the account. each object in the array contains the providerID, for Google it is "google.com", for email and password it is "password". Maybe you can use this information to decide to show this form to only users with email and password authentication. firebase.google.com/docs/reference/js/… - Gerardo

1 Answers

0
votes

There is no way to prevent this. When a user resets their password, they are making a conscious decision to do so. Firebase is providing a way to recover an email account, in case it was hijacked. In the process all providers are unlinked and a password is set on the account.

You have a way to check if the email is associated with google provider or not. Checkout the fetchSignInMethodsForEmail and fetchProvidersForEmail APIs. These APIs would return the array of sign in methods or providers associated with an email.