There doesn't seem to be any mention of this in the documentation, and all I found was this and this, where I would like to confirm this:
If there is an existing account with the same email address but created with other credentials (e.g. password or non-trusted provider), the previous credentials are removed for security reasons.
If a user signs in through Facebook or email/password and later through Google, their account sign in method is converted to Google. It only happens with Google and the setting for one account only is active.
Is it intended to be like this and is there any way to stop it?
If you haven't yet connected your app to your Firebase project, do so from the Firebase console. Enable Email/Password sign-in: In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save.
FOR FIREBASE V9 (modular) USERS: if any others trying this code please don't forget to re-login (firebase needs recent login token) firebase user. then only firebase will allow to change email address.
As the documentation says: certain email domains have a trusted provider. Most prominently: Google is the trusted provider for @gmail.com addresses, since it's the only issuer of these email addresses.
If a user first registers their gmail address with say Facebook, and later there is a registration with that same gmail address from the Google provider, the latter registration is considered to overrule the former. If the user later signs in with Facebook again, the two accounts can be linked.
As far as I know, the only way to prevent this is to allow multiple accounts per email address.
Also see these posts by some of the Firebase Authentication engineers:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With