i am using firebase for user authentication for my project
i added two sign in method : email/password and google sign in.
But i dont want to allow user to login with same email using email and google signin provider.
I know i can disable this option from firebase project settings. But i am not able to find this option
Related
Lately I started looking into PoC with Auth0 for our use case where we want to allow users to login with Google and Facebook, also want Guest user to login and access our API and once guest user choose to login with Google and Facebook then we can link guest user so that their data will be served once logout.
Here's the things which I am to able to do till now with PoC:
Able to Login with Google and Facebook through client App.
Access authenticated API after getting bearer token from client App.
Things which still need to do, I tried to search but couldn't found good resource:
I want user to login as Guest user and latter if they want they can login with Google/FB and link their account.
Also, I am looking into Rest login API in Auth0 so that we can hit login API after getting access token from Google/FB and register user into Auth0 and get the token for API access.
It would be great if anyone help me on above two points. Thanks!
I use firebase authentication for my web app with three providers: email-password, google, or facebook. I have enabled the option "One account per email address".
When a user signs up using email-password (with a gmail address), then later uses google sign-in, I expect to receive an exception "auth/account-exists-with-different-credential", but I do not. His providerId is changed to google.com and he cannot use his password anymore (throws "auth/wrong-password").
Is this normal behaviour?
Firebase Authentication has a concept of a preferred provider for certain email addresses. The most common one is that google.com is the preferred provider for #gmail.com addresses, but I think they also exist for Facebook and Microsoft accounts.
If an existing account later signs up again from a preferred provider, that provider overwrites the existing user account. There is no way to change this behavior (that I know of).
Also see:
Github issue Facebook provider overwritten by Google provider
Mailing list Firebase Social Authentication Issue with fb and gmail flow
Authentication using Facebook at first and then Google causes an error in Firebase for Android
This is how I'm solving it:
https://firebase.google.com/docs/auth/android/account-linking
Just link the "accounts".
Update 2023:
You can now choose if you want to allow 'User account linking'. For example, if you don't allow multiple accounts with the same email address, a user cannot create a new account that signs in using a Google Account with the email address ex#gmail.com if there already is an account that signs in using the email address ex#gmail.com and a password.
If you do allow multiple accounts with the same email address, your app's sign-in flow cannot rely on an email address to identify a user account.
You can find this under settings within Firebase Authentication.
There are some caveats to using this feature, please read about it here
I had a Google account based on not-GMail-account. I had another email company's email as a login to my Google Account (myemailhere#ukr.net). And I used this Google account to login the dialogflow.cloud.google.com.
Today Google suggested me to create a #gmail.com account and attcach it to my myemailhere#ukr.net Google Account. I have confirmed and created the myemailhere#gmail.com.
Using both of this logins (myemailhere#gmail.com and myemailhere#ukr.net) I am still able to login my cloud.google.com Profile. But when I try to login the Dialogflow Profile (dialogflow.cloud.google.com) - I see the eternal loading animation (or a totally blank page). There is no errors about password or something like this. Just login process after I submit the password and then white page. This behavior I see on all my devices, while I trying to login with myemailhere#gmail.com or myemailhere#ukr.net
And I see some 400 errors in web console (if it matters).
Could you please help me to fix this and get access to DialogFlow?
Screen that I see after the login and password entering
Do you have the project owner role for the mentioned username that is registered on your project in the GCP console (not Dalogflow Console)? Here is a list of roles related to Dialogflow that grant access to its Console.
Note that some of these roles give full access or edit access while other roles have permissions that simply gives view access to the Dialogflow Console.
If you are missing any of these then simply assign on your GCP project's console.
Assigning roles as described above did not work for me. Solution was to delete gmail email service from the account.
Instructions here
If you would like to use gmail, do NOT add gmail to your existing google account. You should instead create a seperate google account and use gmail from this seperate account
I'm using okta to sign-in to my react based web application. There is an edit action within the app that requires the user to re-enter his password. I've checked the docs and couldn't find anything similar. The closest I got to was the 're-authenticate' user part. However, that's only based on time. I want to achieve similar functionality based on an event(say, button click). Can I do this using refresh tokens? (I'm not clear about the whole idea of refresh token). Is there a workaround or a specific okta API that allows me to do this?
I have contacted Okta support and they advised me to use the Okta MFA factors(OTP to email/phone, Google Auth etc.) and not to prompt the user to enter a password.
MFA Factors API: https://developer.okta.com/docs/reference/api/factors/
Is there a setting, either in Google projects or in Firebase databases for specifying that unauth should not cache user credentials? One I have logged into my app via the Firebase Google authentication, calling unauth() does not permit me to log in again with a different account. An attempt to login after that immediately logs in with the old credentials without asking for a new username and password. Closing and reopening the browser after the logout didn't help.
Firebase doesn't have access to your credentials when you use its Google authentication. Instead it uses OAuth to create a relationship between the Google account and your application.
When you call unauth Firebase expires the token that is part of the current session. But it does not remove the relationship between the Google account and your application. That's why you "automatically" get a new token when you call auth... next time.
It is up to each individual user to revoke the rights, which in the case of a Google account they can do at the Account Permissions page: https://security.google.com/settings/security/permissions