Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Facebook provider overwritten by Google provider #1180

Closed
felipe-gouveia opened this issue Mar 5, 2018 · 17 comments
Closed

Facebook provider overwritten by Google provider #1180

felipe-gouveia opened this issue Mar 5, 2018 · 17 comments

Comments

@felipe-gouveia
Copy link
Contributor

Step 1: Are you in the right place?

Yes. :)

Step 2: Describe your environment

  • Android device: Google Pixel
  • Android OS version: 8.1.0
  • Google Play Services version: 11.8.0
  • Firebase/Play Services SDK version: 11.8.0
  • FirebaseUI version: 3.2.2

Would like to point out that this issue is not new. Has been noticed for a couple months now.

Step 3: Describe the problem:

Facebook provider is overwritten by Google provider when Google login is used after Facebook login. This issue happens even if the Facebook login is already email verified.

Steps to reproduce:

  1. Login using Facebook.
  2. Validate email of Facebook login (although this step is not necessary)
  3. At this point, check provider in Firebase Console Authentication > Users. It shows Facebook provider.
  4. Logout user.
  5. Login using Google.
  6. Refresh Firebase Console Authentication > Users page (here you should refresh the whole page using F5. The change will not show up when using the reload button in console). Facebook provider is now gone, only showing the Google provider.
  7. Logout user.
  8. Try login with Facebook again. It will prompt that there is already a google login, as if the Facebook
    login never existed.
  9. Login using Facebook.
  10. Now both providers show up. No issue when using Facebook login after Google login.

I would also like to point out that this issue does not happen when using email provider. If the user logs with email and then with Google it will work as intended, mantaining both providers.

Observed Results:

  • Google provider overwrites Facebook provider if user had previous logged in with Facebook provider.

Expected Results:

  • When logging with Google provider after the Facebook provider, both providers should be kept (like
    how it works with email provider).
@samtstern
Copy link
Contributor

@felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:

  • A bug in FirebaseUI
  • A bug in Firebase Auth
  • "Working as intended" since we have some special provisions for Google accounts

@bojeil-google
Copy link

Hey @felipe-gouveia, this is currently work as intended.

To learn more why the Facebook provider is overwritten, check the following posts:
https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ

Please check this post on Facebook not being considered a verified email provider:
firebase/firebase-js-sdk#340

If you are willing to take the risks here, I think you can set emailVerified to true on Facebook sign-up using the admin SDK: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
Easiest way to do it is via Firebase cloud function onCreate Auth event.

@samtstern
Copy link
Contributor

Thank you @bojeil-google for weighing in!

@itelo
Copy link

itelo commented Mar 11, 2018
edited
Loading

@bojeil-google @samtstern even if I set emailVerified to true with Firebase cloud function onCreate, Google continues to overwriting facebook auth. What should I do next?

@bojeil-google
Copy link

Seems like a backend issue. Can you file a ticket with Firebase Support? I will try to recreate this next week to confirm.

@ghost
Copy link

ghost commented Jul 24, 2018

@bojeil-google did you guys figure out a way to fix this. I couldn't find a resolution to prevent Facebook from being overwritten by google.

@bojeil-google
Copy link

Sorry about this. I was able to replicate the issue and filed an internal bug to fix it.

@SUPERCILEX SUPERCILEX mentioned this issue Aug 28, 2018
Merged
@phreakadelle2k phreakadelle2k mentioned this issue Sep 26, 2018
Closed
@Motoxpro
Copy link

Did this ever get fixed? Even after setting emailVerified to true using the admin-sdk, facebook still gets overwritten.

This wouldn't be nearly as bad if I could at least give my user some feedback to let them know this is happening.

@itelo
Copy link

itelo commented Jun 26, 2019

@Motoxpro They said this is a expect behavior and don't have any plans to change it. :/

@bojeil-google
Copy link

Hey folks, if the email is verified (after Facebook sign-in) and you sign in with Google, the Facebook provider will be retained. This issue should be fixed now. Please let us know if you encounter any issues with that.

@janniklind
Copy link

janniklind commented Apr 11, 2020
edited
Loading

But @bojeil-google - This doesn't help if the user has first signed in using Google, Apple Sign in etc. And then decides to sign in using Facebook. Then due to the Facebook guidelines, one should consider the facebook email verified and merge the account.

https://developers.facebook.com/docs/facebook-login/multiple-providers#associating2

It is a little weird that Google has let this hang for years, without fixing it. Indeed now that you have included Apple Sign In in Firebase, and here you do in fact trust the email. So come on, lets get the facebook emailVerified set to true by default, or give os the option to decide our self in the Firebase Console. - Using the admin SDK to set emailVerified = true for Facebook is not good enough, because that only works if the Facebook account is the first created one.

@russellwheatley russellwheatley mentioned this issue Feb 19, 2021
Closed
@MemphisMeng
Copy link

Folks! I created an account with Email + Password, then I logged out and logged in with Google which has my exact email address. At this moment, my previously existing password was eliminated. Is there a way to maintain the password without allowing multiple account per email address?

@carrasc0
Copy link

@felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:

  • A bug in FirebaseUI
  • A bug in Firebase Auth
  • "Working as intended" since we have some special provisions for Google accounts

I'll say is a Firebase issue. It also happen with Flutter as well.

@maRci002 maRci002 mentioned this issue Dec 23, 2021
Open
@maRci002
Copy link

Did Facebook become trusted auth provider since?

I am reading Firebase docs: Handling account-exists-with-different-credential Errors

If you enabled the One account per email address setting in the Firebase console, when a user tries to sign in a to a provider (such as Google) with an email that already exists for another Firebase user's provider (such as Facebook), the error auth/account-exists-with-different-credential is thrown along with an AuthCredential object (Google ID token). To complete the sign in to the intended provider, the user has to sign first to the existing provider (Facebook) and then link to the former AuthCredential (Google ID token).

Or the docs in the example is wrong since Google provider will overwrite Facebook auth provider implicitly?

@martinralfreindl
Copy link

I was just able to replicate this, so this issue still exists. Very unintuitive and not in agreement with docs as outlined by maRci002.

@bulgarian-beast
Copy link

Same problem, with Flutter x Firebase.
Google Sign In override accounts created with email and password.

@yaberkane05
Copy link

why is this closed ? it is still replicable and a problem today..

@lukehutch lukehutch mentioned this issue May 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests