[英]Ideal solution for firebase google provider login overriding other sign-in providers
I've been playing around with firebase multi-provider logins.我一直在玩 firebase 多提供商登录。 I enabled both email and google.
我启用了 email 和谷歌。
I've read somewhere that if the email is not yet verified and a user tries to login using google then the user account will be overridden albeit with the same user id.我在某处读到,如果 email 尚未经过验证并且用户尝试使用谷歌登录,那么即使使用相同的用户 ID,用户帐户也会被覆盖。
The reason for this is gmail is a trusted provider and Firebase unlinks the previous unverified email and overrides the data with google user data.原因是 gmail 是受信任的提供商,Firebase 取消了之前未验证的 email 的链接,并用谷歌用户数据覆盖了数据。
Based from what i've read from this comment , this is a security feature of Firebase and expected behavior.根据我从这条评论中读到的内容,这是 Firebase 的安全功能和预期行为。
My question is how do i handle such scenario when a user has been using his account with email and password and all of a sudden if a user logged in using gmail then he'll no longer be able to login using email and password.我的问题是,如果用户一直使用 email 和密码使用他的帐户,突然间如果用户使用 gmail 登录,那么他将不再能够使用 email 和密码登录,我该如何处理这种情况。
Yes, the user can just simply login using google login and is still the same user account and simply was overridden by google but some users may think this is a bug and not a good user experience.是的,用户可以简单地使用 google login 登录,并且仍然是同一个用户帐户,只是被 google 覆盖了,但一些用户可能认为这是一个错误,而不是良好的用户体验。
I had the same problem and I have a solution that might work for you.我有同样的问题,我有一个可能适合你的解决方案。
I am using Firebase Authentication for my Android app written in Kotlin. I am not sure what platform and language you are using, but if you are able to transfer the logic, the solution should work for you as well.我在 Kotlin 中编写的 Android 应用程序使用 Firebase 身份验证。我不确定您使用的是什么平台和语言,但如果您能够传输逻辑,该解决方案也应该适用于您。
For android, you use GoogleSignIn.getSignedInAccountFromIntent(data)
to authenticate the Google account.对于 android,您使用
GoogleSignIn.getSignedInAccountFromIntent(data)
来验证 Google 帐户。 Here data
is an object of type Intent
that has all the required data needed for authentication.这里的
data
是Intent
类型的 object,它包含身份验证所需的所有必需数据。
I was able to get the user email from the data
and if the same email was previously used to login to the app I deny the login and display an appropriate message.我能够从
data
中获取用户 email,如果之前使用相同的 email 登录该应用程序,我将拒绝登录并显示相应的消息。
Following is the line of code I have used to get the user's email.以下是我用来获取用户 email 的代码行。
val googleUser: GoogleSignInAccount = data!!.getParcelableExtra("googleSignInAccount")!!
I hope this points you in the right direction and sorry if the solution is not in the language you were looking for.我希望这能为您指明正确的方向,如果解决方案不是您正在寻找的语言,我们深表歉意。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.