Authentication using Facebook at first and then Google causes an error in Firebase for Android

Question

As I understand from the Firebase Docs, if a user authenticates his account with a credential, he should strictly login by using the same credential if the credential is not

Answer 1

To minimize the login UI clicks without compromising the account security, Firebase Authentication has a concept of 'trusted provider', where the identity provider is also the email service provider. For example, Google is the trusted provider for @gmail.com addresses, Yahoo is the trusted provider for @yahoo.com addresses, and Microsoft for @outlook.com addresses.

In the "One Account per Email address" mode, Firebase Authentication tries to link account based on email address. If a user logins from trusted provider, the user immediately signs into the account since we know the user owns the email address.

If there is an existing account with the same email address but created with non-trusted credentials (e.g. non-trusted provider or password), the previous credentials are removed for security reason. A phisher (who is not the email address owner) might create the initial account - removing the initial credential would prevent the phisher from accessing the account afterwards.

Jin Liu

Answer 2

In firebase, it is very important to verify user email account the first time they login with Facebook , by sending a verification email.

Once email is verified, you can login with both Facebook and Gmail if user is using @gmail.com as email address.

Facebook Login -> Click Link in Verification Email -> Gmail Login -> Facebook Login (OK)

Facebook Login -> Gmail Login -> Click Link in Verification Email -> Facebook Login (NOT OK)

If you did not verify the Facebook email before user logout and try to login with their gmail, you will not be able to login with Facebook again the moment they login with their gmail.

Answer 3

I had the same problem, all you have to do is go to Firebase Console and then in the "Authentication" category delete the user that you want.

That works to me.

Answer 4

I finally ended with this logic:

If user try to sign in with Facebook, but user with given email already exist (with Google provider) and this errors occures:

"An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address."

So, just ask user to loging using Google (and after it silently link Facebook to existing account)

Answer 5

Allow creation of multiple accounts with the same email address is what you are looking for.

That works fine ONLY if you check the email in your backend and that's the reference for your users. If you use the Firebase Id then that won't enable to keep unique users.

Answer 6

Please check the thread: https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ It explains why this happens. This is due to some security issue with Google emails being verified whereas Facebook emails are not.