stackoom
  简体   繁体   中英

How to prevent Firebase Authentication creating a new user implicitly on first sign-in?

 原文  2022-09-22 05:08:07       javascript/ firebase/ react-native/ firebase-authentication/ oauth

Question

I have a Firebase backed React Native application which allows customers to sign in via email/password, Google ID or Apple ID. It's mainly working fine but I've noticed a UX problem which stems from the behaviour of the signInWithCredential method which creates a new user implicitly on first sign in.

You create a new user in your Firebase project by calling the createUserWithEmailAndPassword method or by signing in a user for the first time using a federated identity provider, such as Google Sign-In or Facebook Login. https://firebase.google.com/docs/auth/web/manage-users#create_a_user

This seems handy and meant my "register" or "sign up" function was basically the same as my "login" function.

However from the customer's perspective it's confusing. Eg if they come to the app and forget they used email/password to sign-up and click "Sign in with Google", click accept in the OAuth popup, then they get logged in to a brand new account they've never used before and of course their previous data/history/purchases are absent.

If a new customer signs in via OAuth, I want to receive the auth/user-not-found error as listed in the API docs here so that I can present the "normal" UX of saying "You don't have an account with those credentials, please sign up first" or similar to apply some friction and help the user to realise they're on the wrong path. ie I want sign up to be completely independent from sign in and prevent accidental, spurious accounts being created.

BTW I understand (and have tested) that if a customer subsequently uses a second provider which shares the same email address already registered, then Firebase does some clever stuff to migrate or unify the accounts. But I can't be sure a customer's Google ID would match the email they used with an email/password account creation (eg work vs personal or other reasons) so there would still be duplicate/spurious accounts. There's also the "one account per email" option to tweak this)

I actually find it curious that there don't seem to be any discussions about this, as the lack of a "don't auto-register" flag prevents a typical UX supporting a clear difference between "new here? signup" onboarding vs. "got an account? login" for existing customers. So perhaps I'm missing something obvious.

1 answers

solution1
 0  2022-10-01 08:10:50

After discussing with a few people I have a tentative answer - you can't prevent it.

It seems this is pretty much standard behaviour from the auth providers like Firebase, and apparently most people would expect this UX. I just must be in the minority.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Google firebase Sign-in show no email option on first sign-in Firebase authentication error "The given sign-in provider is disabled" Firebase Sign-in with email after google sign-in has error : The password is invalid or the user does not have a password How to switch between emailLink and password sign-in method in firebase auth? Firebase self sign-in issue "Error updating Google" message when trying to enable Google Sign-In for Firebase Authentication Is there any way to skip the sign-in window once the user has signed in once using Firebase? Problems with creating new user in firebase How can I get email and full name from Firebase Apple sign-in? How to provide demo account for Google Play Store if app uses only Google Sign-in Firebase?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM