firebase 谷歌提供商登录覆盖其他登录提供商的理想解决方案

Question

I've been playing around with firebase multi-provider logins. I enabled both email and google.

I've read somewhere that if the email is not yet verified and a user tries to login using google then the user account will be overridden albeit with the same user id.

The reason for this is gmail is a trusted provider and Firebase unlinks the previous unverified email and overrides the data with google user data.

Based from what i've read from this comment , this is a security feature of Firebase and expected behavior.

My question is how do i handle such scenario when a user has been using his account with email and password and all of a sudden if a user logged in using gmail then he'll no longer be able to login using email and password.

Yes, the user can just simply login using google login and is still the same user account and simply was overridden by google but some users may think this is a bug and not a good user experience.

Answer 1

I had the same problem and I have a solution that might work for you.

I am using Firebase Authentication for my Android app written in Kotlin. I am not sure what platform and language you are using, but if you are able to transfer the logic, the solution should work for you as well.

For android, you use GoogleSignIn.getSignedInAccountFromIntent(data) to authenticate the Google account. Here data is an object of type Intent that has all the required data needed for authentication.

I was able to get the user email from the data and if the same email was previously used to login to the app I deny the login and display an appropriate message.

Following is the line of code I have used to get the user's email.

val googleUser: GoogleSignInAccount = data!!.getParcelableExtra("googleSignInAccount")!!

I hope this points you in the right direction and sorry if the solution is not in the language you were looking for.