如何防止 Firebase 身份验证在首次登录时隐式创建新用户?
[英]How to prevent Firebase Authentication creating a new user implicitly on first sign-in?
问题描述
I have a Firebase backed React Native application which allows customers to sign in via email/password, Google ID or Apple ID.
我有一个 Firebase 支持的 React Native 应用程序,它允许客户通过电子邮件/密码、Google ID 或 Apple ID 登录。 It's mainly working fine but I've noticed a UX problem which stems from the behaviour of the signInWithCredential method which creates a new user implicitly on first sign in.它主要工作正常,但我注意到一个用户体验问题,该问题源于signInWithCredential方法的行为,该方法在首次登录时隐式创建一个新用户。
You create a new user in your Firebase project by calling the createUserWithEmailAndPassword method or by signing in a user for the first time using a federated identity provider, such as Google Sign-In or Facebook Login.
This seems handy and meant my "register" or "sign up" function was basically the same as my "login" function.这似乎很方便,意味着我的“注册”或“注册”function 与我的“登录”function 基本相同。
However from the customer's perspective it's confusing.然而,从客户的角度来看,这是令人困惑的。 Eg if they come to the app and forget they used email/password to sign-up and click "Sign in with Google", click accept in the OAuth popup, then they get logged in to a brand new account they've never used before and of course their previous data/history/purchases are absent.例如,如果他们来到应用程序并忘记他们使用电子邮件/密码注册并点击“使用 Google 登录”,点击 OAuth 弹出窗口中的接受,然后他们登录到一个他们以前从未使用过的全新帐户当然,他们以前的数据/历史/购买也不存在。
If a new customer signs in via OAuth, I want to receive the auth/user-not-found error as listed in the API docs here so that I can present the "normal" UX of saying "You don't have an account with those credentials, please sign up first" or similar to apply some friction and help the user to realise they're on the wrong path.如果新客户通过 OAuth 登录,我想auth/user-not-found API 文档中列出的身份验证/用户未找到错误,这样我就可以呈现“正常”用户体验,即“您没有帐户这些凭据,请先注册”或类似内容以施加一些摩擦并帮助用户意识到他们走错了路。 ie I want sign up to be completely independent from sign in and prevent accidental, spurious accounts being created.即我希望注册完全独立于登录,并防止创建意外的虚假帐户。
BTW I understand (and have tested) that if a customer subsequently uses a second provider which shares the same email address already registered, then Firebase does some clever stuff to migrate or unify the accounts.顺便说一句,我知道(并且已经测试过)如果客户随后使用第二个供应商共享相同的 email 地址已经注册,那么 Firebase 会做一些聪明的事情来迁移或统一账户。 But I can't be sure a customer's Google ID would match the email they used with an email/password account creation (eg work vs personal or other reasons) so there would still be duplicate/spurious accounts.但我不能确定客户的 Google ID 是否与他们在创建电子邮件/密码帐户时使用的 email 匹配(例如,工作与个人或其他原因),因此仍然会有重复/虚假帐户。 There's also the "one account per email" option to tweak this)还有“每封电子邮件一个帐户”选项来调整这个)
I actually find it curious that there don't seem to be any discussions about this, as the lack of a "don't auto-register" flag prevents a typical UX supporting a clear difference between "new here? signup" onboarding vs. "got an account? login" for existing customers.我真的很奇怪似乎没有任何关于这个的讨论,因为缺少“不自动注册”标志阻止了典型的用户体验支持“新在这里?注册”入职与注册之间的明显区别。 “有帐户?登录”现有客户。 So perhaps I'm missing something obvious.所以也许我遗漏了一些明显的东西。
1 个解决方案
解决方案1
0 2022-10-01 08:10:50
After discussing with a few people I have a tentative answer - you can't prevent it.在与几个人讨论后,我有一个初步的答案——你无法阻止它。
It seems this is pretty much standard behaviour from the auth providers like Firebase, and apparently most people would expect this UX.这似乎是 Firebase 等身份验证提供商的标准行为,而且显然大多数人都期待这种 UX。 I just must be in the minority.我只是少数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.