5

I already have user that register using email and password.

When the user log out, and then login with google that has the same email, the login success with the same userId from Auth, But the email password auth is disappeared (the envelope icon is gone). It's kind of replaced.

My App for SignIn has 3 buttons:

  1. SignIn with Phone
  2. SignIn with Email n Password
  3. SignIn with Google

Let say I have user A that already sign up with : email: awesomeA@gmail.com pass: somepassword

And then the user A is for some reason sign out, then log in again using Google, but with the same email (awesomeA@gmail.com)

In Console Auth, userId A is same as before, but the icon in firebase Auth is only showing google, the icon for email password Auth is gone

NB: Why I use email password as primary auth? Because my app contains payment information. So if the device is being stolen, I want to make it secure using firebase re-authentification system. So as long as the thief doesn't know the password, he cannot use the virtual wallet to buy anything

Faruk
  • 5,438
  • 3
  • 30
  • 46
  • 1
    Google Authentication is the trusted provider for `@gmail.com` email addresses. See https://stackoverflow.com/questions/37947944/authentication-using-facebook-at-first-and-then-google-causes-an-error-in-fireba/37973121#37973121 – Frank van Puffelen Nov 02 '17 at 15:04
  • @Frank But why when I'm using linking auth, everything work fine? why not linking both auth instead of removing email password auth? Is that really that difficult? Or is there any api in admin.sdk that we can use to linking auth? – Faruk Nov 02 '17 at 22:39
  • I've edited my question to add my reason to make email and password as my primary auth – Faruk Nov 02 '17 at 22:44
  • 2
    When you are manually linking, you know for sure that both accounts (email/password and google credentials) are owned by the same user as both are obtained by the same user. When you are logging in with Google, you know the account is verified but you can't tell the email/password account belongs to that verified user. This is why it gets overwritten. – bojeil Nov 03 '17 at 06:40
  • Hmm.. I see, it means I need to create activity to re-linking with email and password again to make sure that the user that registered before is the same user.. Thank you bojeil, short question how to identify whether a user has email and password in auth or not? – Faruk Nov 03 '17 at 12:02

2 Answers2

2

If you send a verification email to the user with sendEmailVerfification(), and the user confirm it, it will be added to the providers instead of replacing it. Basically having a gmail email just means "verified" as well.

Jonathan
  • 3,893
  • 5
  • 46
  • 77
0

When you use Google login to authenticate with Firebase, you will never have access to the user's password. That is also true for other third-party logins that work with Firebase authentication (Facebook, Twitter).

Scott Kronheim
  • 762
  • 6
  • 7
  • FYI, firebase technology has feature called reauthenticate for examine the password is right or not without system knowing what is the password – Faruk Nov 02 '17 at 09:24
  • That is true. Is that reauthenticate feature what you were looking for? That method requires a Firebase credential object ... do you need to know how to build that credential object when the users logs in with Google? – Scott Kronheim Nov 02 '17 at 09:35
  • 1
    No.. My app support login with multiple auth, when first login email and password, and then log out, and login again but with google, the auth that uses email and password is deleted (the icon envelope is gone) – Faruk Nov 02 '17 at 10:45
  • At this point I'm not sure that I understand your question. Can you update your question to add some more detail, maybe with some screenshots that show the "icon envelope" you are talking about? Also, please indicate what platform you are using (web, Android, iOS, something else). Finally, it probably would help to post the code that runs when a user logs out. – Scott Kronheim Nov 02 '17 at 12:45