Firebase logging in with new provider (Google) removes previous provider (password)

Question

I'm making a login with Firebase (v3) Auth and I hit this problem:

1. User signs up initially with email and password.
2. Logout.
3. Later, sign in with Google.

I would expect an error complaining that the e-mail address is used for a different account, and then ask the user to type the password to then link the accounts, but instead Firebase silently removes the email/password login method and returns a success message.

Code for authentication with Google:

var provider = new firebase.auth.GoogleAuthProvider();
firebase.auth().signInWithPopup(provider).then(
    result => {
        console.log("federated (google) result", result);
    },
    error => {
        console.log("federated (google) error", error);
    }
);

Code for authentication with email and password:

// Login:
firebase.auth().signInWithEmailAndPassword(this.state.email, this.state.password).then(
    ok => {
        console.log("email/pass sign in success", ok);
    },
    error => {
        console.log("email/pass sign in error", error);
    }
)

// Register:
firebase.auth().createUserWithEmailAndPassword(this.state.email, this.state.password).then(
    ok => {
        console.log("Register OK", ok);
    },
    error => {
        console.log("Register error", error);
    }
)

I see in the guide that account linking is done by first signing in a user with their current provider/method and only then ask for credentials/obtain tokens for the new authentication method/provider. In my case, I don't know if they have other authentication providers until too late (Firebase overwrites it).

Is there a way to detect the email is already taken before Firebase overwrites the details of the already existing account and ask the user to type their password and link the accounts? Or, even better, link the accounts automatically given they have logged in with Google and email addresses match?

Answer 1

I figured it out. Firebase behaves as it should and this was not a technical/coding problem. It's more of a documentation issue.

When a user signs up with email and password, logs out and signs in with a different method (that wasn't used before), two things can happen:

1. If the email is confirmed, the email/password credentials are remembered when you login with a new provider (the desired outcome in my question).

or

2. If the email is unconfirmed, the user is updated such that the email/password credentials are removed and the new login method will be kept. User details like displayName are not updated automatically.