
Authentication using Facebook at first and then Google causes an error in Firebase for Android

People also ask

How do I fix this app is not authorized to use Firebase authentication?

Make sure you add the SHA1 key from Play Console to your app in the Firebase Console. Also, the google-services.json file needs to be downloaded again, and added to app, after submitting to app store. Then re-upload to google play store.

Does Firebase handle authentication?

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more.


Go to Authentication > Sign-in providers and click "Multiple accounts per email address"; "Allow creation of multiple accounts with the same email address" is what you are looking for.

Account email address setting


Please check the thread: https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ It explains why this happens. This is due to some security issue with Google emails being verified whereas Facebook emails are not.


I finally ended with this logic:

If the user tries to sign in with Facebook, but a user with the given email already exists (with the Google provider) and this error occurs:

"An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address."

So, just ask the user to log in using Google (and after that silently link Facebook to the existing account).

Facebook and Google Sign In logics using firebase


To minimize the login UI clicks without compromising the account security, Firebase Authentication has a concept of 'trusted provider', where the identity provider is also the email service provider. For example, Google is the trusted provider for @gmail.com addresses, Yahoo is the trusted provider for @yahoo.com addresses, and Microsoft for @outlook.com addresses.

In the "One Account per Email address" mode, Firebase Authentication tries to link accounts based on email address. If a user logs in from a trusted provider, the user immediately signs into the account since we know the user owns the email address.

If there is an existing account with the same email address but created with non-trusted credentials (e.g. non-trusted provider or password), the previous credentials are removed for security reasons. A phisher (who is not the email address owner) might create the initial account - removing the initial credential would prevent the phisher from accessing the account afterwards.

Jin Liu


In Firebase, it is very important to verify the user's email account the first time they log in with Facebook, by sending a verification email.

Once the email is verified, you can log in with both Facebook and Gmail if the user is using @gmail.com as the email address.

Facebook Login -> Click Link in Verification Email -> Gmail Login -> Facebook Login (OK)

Facebook Login -> Gmail Login -> Click Link in Verification Email -> Facebook Login (NOT OK)

If you did not verify the Facebook email before the user logs out and tries to log in with their Gmail, they will not be able to log in with Facebook again from the moment they log in with their Gmail.

Update - If you choose to always trust Facebook emails.

You can set up a Firebase function (trigger) that automatically sets emailVerified to true when the first login is via a Facebook account.

Sample code.

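const functions = require('firebase-functions');
const admin = require('firebase-admin');

// The Admin SDK must be initialised before admin.auth() is used.
admin.initializeApp();

// Runs once when an account is created. If the first sign-in was via Facebook,
// mark the email as verified (this trusts the address Facebook reports).
exports.app = functions.auth.user().onCreate(async (user) => {
  const viaFacebook = (user.providerData || []).some(
    (d) => d && d.providerId === 'facebook.com'
  );

  if (viaFacebook) {
    try {
      await admin.auth().updateUser(user.uid, { emailVerified: true });
    } catch (err) {
      console.log('err when verifying email', err);
    }
  }
});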

Doc: Firebase Auth Trigger
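
The two login flows listed above, replayed against a simplified model of the trusted-provider rule quoted from Jin Liu. This is an added example, not part of the original answers and not Firebase's implementation; the class, function names, return strings and the sample address are assumptions made for illustration.

```javascript
// Simplified model of the "One account per email address" behaviour described
// on this page. Illustration only: not Firebase code; all names are hypothetical.
const TRUSTED = { 'google.com': ['gmail.com'] }; // provider -> email domains it owns

function isTrusted(provider, email) {
  const domain = email.split('@')[1];
  return (TRUSTED[provider] || []).includes(domain);
}

class AuthModel {
  constructor() { this.accounts = new Map(); } // email -> { providers, emailVerified }

  signIn(provider, email) {
    const acct = this.accounts.get(email);
    if (!acct) {
      // First sign-in creates the account; only a trusted provider proves ownership.
      this.accounts.set(email, {
        providers: new Set([provider]),
        emailVerified: isTrusted(provider, email),
      });
      return 'created';
    }
    if (acct.providers.has(provider)) return 'ok';
    if (isTrusted(provider, email)) {
      // Unverified credentials may belong to someone who does not own the
      // address, so they are dropped before the trusted provider is attached.
      if (!acct.emailVerified) acct.providers.clear();
      acct.providers.add(provider);
      acct.emailVerified = true;
      return 'ok';
    }
    return 'account-exists-with-different-credential';
  }

  clickVerificationLink(email) {
    const acct = this.accounts.get(email);
    if (acct) acct.emailVerified = true;
  }
}

// Replays a flow such as ['facebook.com', 'verify', 'google.com', 'facebook.com'].
function replay(steps, email = 'user@gmail.com') { // constructed sample address
  const model = new AuthModel();
  return steps.map((s) =>
    s === 'verify' ? (model.clickVerificationLink(email), 'verified')
                   : model.signIn(s, email));
}

console.log(replay(['facebook.com', 'verify', 'google.com', 'facebook.com']));
console.log(replay(['facebook.com', 'google.com', 'verify', 'facebook.com']));
```

In the second flow the verification link is clicked after the Google sign-in has already replaced the unverified Facebook credential, which is why the final Facebook login is rejected.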