Google provider overwrites Facebook provider (and makes logging in with Facebook impossible)

[phreakadelle2k]

Are you in the right place?
Yes, I think so...

The Environment

• Operating System version: Windows 10 Professional (1803)
• Browser version: Mozilla Firefox 62.0.2
• Firebase SDK version: 5.5.1
• Firebase Product: auth

The problem
When a user signs in via Facebook, then signs out and signs in again via Google, signing in via Facebook won't work anymore. That means, when the user now signs out and tries to sign in via Facebook again, the popup opens, does some work, but the user will remain logged out.

Tried it several times. I found a hint to using a function (trigger for onCreate) here.

This basically says that one could use a cloud function to set "emailVerified" to true, whenever a user is created. At least that's what I understood that this would be a workaround.

But even this won't work. Tried it, tested it (the cloud function (see below) sets "emailVerified" to true).

Expected behaviour
A user can log on with different providers that use the same e-mail address and providers don't overwrite each other in any case.

Current behaviour
Google provider seems to overwrite Facebook provider and makes it impossible to use Facebook for signing in later on.

Steps to reproduce
Use Firebase auth as explained in the documentation.

Relevant Code (very basic stuff)
Auth service:

import { auth } from 'firebase';

// Gets called when user clicks on "Login with Facebook" button
export async function loginWithFacebook() {
  const response = await auth().signInWithPopup(new auth.FacebookAuthProvider());
  return response.user;
}

// Gets called when user clicks on "Login with Google" button
export async function loginWithGoogle() {
  const response = await auth().signInWithPopup(new auth.GoogleAuthProvider());
  return response.user;
}

export function getCurrentUser() {
  return auth().currentUser;
}

// Gets called when user clicks on "Logout" button
export async function logout() {
  await auth().signOut();
}

Cloud function:

import * as functions from 'firebase-functions';
import * as admin from 'firebase-admin';

admin.initializeApp();

export const verifyFacebookMail = functions.auth.user()
  .onCreate((user: admin.auth.UserRecord, context: functions.EventContext) => {
    if (!user.emailVerified) {
      admin.auth().updateUser(user.uid, { emailVerified: true });
    }
})

[bojeil-google]

This is the expected behavior. Please check the following:
#340
#569

There are many posts on this on stackoverflow.

When you sign in again with Facebook, an error would be thrown and you would need to link the facebook credential to the existing Google account.
https://firebase.google.com/docs/auth/web/google-signin#handling-account-exists-with-different-credential-errors

If you want to consider Facebook emails verified and not go through the above, you can always set them as verified via the Firebase Admin SDK (updateUser API) when onCreate is triggered with a Facebook user..

[Motoxpro]

Posted in the other thread aswell, as I'm sure other people are pulling their hair out over this.

Even after setting emailVerified to true using the admin-sdk, facebook still gets overwritten.

[bojeil-google]

This is a bug on our end. Setting emailVerified to true should not overwrite the facebook provider. I have pinged the backend Auth team on this but I would also recommend you also file a bug with the support team to track it.

[bojeil-google]

Hey folks, if the email is verified (after Facebook sign-in) and you sign in with Google, the Facebook provider will be retained. This issue should be fixed now. Please let us know if you encounter any issues with that.