I want users to be automatically logged in anonymously when they first visit the site, and then at any point they should be able to log in with an external provider such as Google or LinkedIn, and continue to use the data that had been stored under the anonymous account.
    let currentUser = auth.currentUser;
    if (!currentUser) {
        currentUser = (await auth.signInAnonymously()).user;
    }
I have implemented OAuth 2.0 flows to enable users to log into my system using various providers including LinkedIn. My back-end generates a JWT access token which is provided to the web client.
    const accessToken = {
        sub: "my-service-account@my-firebase-project.iam.gserviceaccount.com",
        iss: "my-service-account@my-firebase-project.iam.gserviceaccount.com",
        aud: "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
        uid: 1234
        // other claims...
    }
    const newUser = await auth.signInWithCustomToken(accessToken);
All good so far - but how do I link the two? According to the account linking documentation I should be able to do something like this:
    if (currentUser && currentUser.isAnonymous) {
        const provider = new firebase.auth.OAuthProvider('myprovider');
        const credential = provider.credential(token, token);
        const linkedUser = await currentUser.linkWithCredential(credential);
    }
However, Firebase sends a request to https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion
    {
        idToken: {
            "provider_id": "anonymous",
            "iss": "https://securetoken.google.com/my-firebase-project",
            "aud": "my-firebase-project",
            "user_id": anonymousUserId,
            "sub": anonymousUserId,
            "firebase": {
                "identities": {},
                "sign_in_provider": "anonymous"
            }
        }
        postBody: {
            id_token: token,
            access_token: token
            providerId: "myprovider"
        }
        requestUri: "http://localhost"
        returnIdpCredential: true
        returnSecureToken: true
    }
and I get a 400 error response:
    INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?id_token=${token}&access_token=${token}&provider=myprovider
My front-end is https running on port 3000, and my backend is at /api/oauth/, also https
- how do you configure a different requestUri?
- what is the endpoint supposed to do?
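
Added example, not part of the original post: the custom token described above, built as the compact RS256 JWT string that `signInWithCustomToken` expects, together with the signature, audience and lifetime checks a verifier applies to it. `mintCustomToken`, `verifyCustomToken` and the throwaway `demoKeys` pair are hypothetical names used for illustration; a real back-end would sign with the service account's own private key.

```javascript
// Added example: mint and check a Firebase-style custom token (RS256 JWT) in Node.js.
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

const AUDIENCE =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const b64url = (input) => Buffer.from(input).toString('base64url');

// Back-end side: sign the claims with the service account's private key.
function mintCustomToken(serviceAccountEmail, privateKeyPem, uid, nowSeconds) {
  if (typeof uid !== 'string' || uid.length < 1 || uid.length > 128) {
    throw new TypeError('uid must be a string of 1-128 characters');
  }
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: serviceAccountEmail,
    sub: serviceAccountEmail,
    aud: AUDIENCE,
    iat: nowSeconds,
    exp: nowSeconds + 3600, // custom tokens may live at most one hour
    uid,
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Verifier side (illustrative): check signature, audience and lifetime before trusting uid.
function verifyCustomToken(token, publicKeyPem, nowSeconds) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) throw new Error('not a compact JWT');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = createVerify('RSA-SHA256')
    .update(`${h}.${p}`)
    .verify(publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.aud !== AUDIENCE) throw new Error('wrong audience');
  if (nowSeconds < claims.iat || nowSeconds >= claims.exp) throw new Error('expired or not yet valid');
  return claims;
}

// Constructed demo key pair standing in for the service account key.
const demoKeys = generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
```

The string returned by `mintCustomToken` is what the client passes to `auth.signInWithCustomToken`; the private key never leaves the back-end.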