Expose user UID prior to signIn in anonymous account merge conflict

[willbattel]

Step 1: Are you in the right place?

Yes

Step 2: Describe your environment

• Objective C or Swift: Swift
• iOS version: >=11.1
• Firebase SDK version: 6.18.0
• FirebaseUI version: 8.4.2
• CocoaPods Version: 1.9.1

Step 3: Describe the problem:

The code snippet in the FUIAuth docs shows how the FUIAuthDelegate handles merge conflicts for anonymous account upgrades.

We're using Firebase Auth to anonymously authenticate users when they start their first session. Later on, they may choose to sign into a non-anonymous provider. When this happens, we have to handle merging/migration of user data in the event that the destination account already exists, such as when signing in from a second device. Logically, this process isn't very complicated. The only tricky part is making this process as resilient/atomic as possible, such that a user cannot get stuck in some sort of "limbo" state or experience data loss in the case of an auth or database error.

In the solution we believe to be most resilient, we'd want to start the [Firestore] user data migration before we sign them into the existing account. Otherwise, if we were to migrate the data after the signIn, we create the possibility of data loss where, if the data migration fails for whatever reason, we would not be able to revert to the anonymous user- because the anonymous user would've been discarded upon signIn.

This requires us to know the user ID of the existing user, for which FirebaseUI currently only gives us a Credential, before we sign in to it. We would call a "Callable" Cloud Function authenticated as the anonymous user, with the destination user ID as a parameter, that would merge the anonymous user's Firestore data into the destination user's. Only upon the successful data merge would we continue with the signIn, because at that point we would be required to abandon and delete the anonymous user. This creates the benefit that the user's data cannot be migrated by anyone other than the data's owner. We wouldn't want to allow the possibility of users migrating other users' data- which we'd have to concede if we couldn't authenticate the Cloud Function as the anonymous user (which we can only do prior to signIn).

Would it be possible for FirebaseUI to expose the user uid in addition to the credential? I don't believe this would be a security risk, given that the UIDs are not considered secrets.

As a workaround, it's possible we could somehow use Firestore to lookup the user based on the provider, i.e., their phone number or email, in order to get the uid- but this is both ugly and more fragile than if we could get it directly from FirebaseUI.

We think the solution we have in mind for account merging makes sense- but we're definitely not the first to do it, so we're open to other suggestions.

[willbattel]

Looking at the source, it looks like the issue is with FIRAuth, not FUIAuth. I've filed an issue on the main iOS SDK repository.

https://github.com/firebase/FirebaseUI-iOS/blob/master/Auth/FirebaseAuthUI/FUIAuth.m#L239