
Email registrations are seen as a new record under the Simple Login Email tab in our forge.

But what happens when a user signs in using one of the OAuth2 logins like Facebook or Google?

Take the example right off the site and apply multiple contexts to it:

```json
{
  "rules": {
    ".read": true,
    "comments": {
      "$comment": {
        ".write": "auth != null",
        ".validate": "auth.id == newData.child('userid').val() && newData.hasChildren(['userid', 'body']) && newData.child('body').isString()"
      }
    }
  }
}
```

  • If a user logs in with a Facebook account will Firebase create a new auth record and scope security rules in the same context as an Email/Password login?

  • If so are those registrations viewable in the same way as our Email auth type? Do you perform operations on those records like (delete) in the same way?

  • What would be the best way to scheme a master userId collection that enables a user to tie multiple account types together? (Facebook, Google, and Email all tied together)

Dan Kanze

1 Answer


Keep in mind that "creating a user" in that console (and in Firebase Simple Login email / password auth. in general) only generates a new mapping between an email address and a password, and gives that account a unique, auto-incrementing id.

Firebase Simple Login will not automatically store any data in your Firebase, though upon login, it will automatically generate a new Firebase auth. token against which you may write security rules making use of the auth variable.

Login methods using any other provider currently store no data, though in the future there may be more functionality there. Logging in with Facebook / Google / etc. will also fetch a bunch of useful user metadata and send it down to the client, in addition to creating a Firebase auth. token for use in security rules. To see the contents of the auth variable across all providers, see the 'After Authenticating' section on each of the Simple Login Providers docs pages, for example: Facebook. There is no notion of a delete for any provider except for the email / password provider.

If you'd like to have user accounts that are linked to multiple social credentials, it can be done, though it is a little clunky (and manual) at present. See How can I login with multiple social services with Firebase? for a thorough walkthrough.

Rob DiMarco
  • So if an auth token was generated for a Facebook login - the `auth.id` would be the same after logging in again... This would allow you to have a mixture of login types (different users) scoped to the same collection rules right? – Dan Kanze Apr 02 '14 at 21:48
  • @DanKanze Correct! Also note that there is a `uid` parameter on the auth token, that looks like ':', which allows you to store all user accounts in one list without fear of collisions between providers. – Rob DiMarco Apr 02 '14 at 22:05
  • Are any two `uid` ever going to be the same? For example could I make the `uid` the key name in a `users` collection? – Dan Kanze Apr 03 '14 at 19:12
  • The `uid` will never be the same for two different users. This `uid` attribute is specifically intended for the use case you describe, and is safe to use. =) – Rob DiMarco Apr 03 '14 at 19:24
  • I have a few questions about that strategy you linked me to here: http://stackoverflow.com/questions/22886053/can-the-firebase-auth-object-handle-simultaneous-authentication-types – Dan Kanze Apr 05 '14 at 19:59
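
An added example, not part of the original question, answer or comments: the rules from the question rewritten to key on `auth.uid`, the provider-independent identifier discussed in the comments, so that email, Facebook and Google logins share one `users` list and one set of rules. The `users` path and the choice to restrict edits to a comment's author are assumptions made for illustration.

```json
{
  "rules": {
    // Assumed layout: one record per account, keyed by the token's uid.
    "users": {
      "$uid": {
        // Only the signed-in owner of this uid can read or change the record.
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "comments": {
      // Read access is granted here rather than at the root, so it does not
      // cascade down into "users".
      ".read": true,
      "$comment": {
        // Any authenticated user may create a comment; an existing comment
        // can only be changed or deleted by the uid recorded on it.
        ".write": "auth != null && (!data.exists() || data.child('userid').val() == auth.uid)",
        // Same shape check as the question's rule, compared against
        // auth.uid instead of the per-provider auth.id.
        ".validate": "newData.hasChildren(['userid', 'body']) && newData.child('userid').val() == auth.uid && newData.child('body').isString()"
      }
    }
  }
}
```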