2

I've been using invertase@react-native-apple-authentication to implement Sign in with Apple combined with firebase authentication.

When I perform this code snippet and choosing "Share my Email" and I already have an existing “email & password-provider” on Firebase with the same email as the one I have on my Apple ID, the providers automatically merge. 

const appleAuthRequestResponse = await appleAuth.performRequest({
                requestedOperation: AppleAuthRequestOperation.LOGIN,
                requestedScopes: [AppleAuthRequestScope.EMAIL, AppleAuthRequestScope.FULL_NAME],
})
const { user, email, nonce, identityToken } = appleAuthRequestResponse
const appleCredential = firebase.auth.AppleAuthProvider.credential(identityToken, nonce)
const userCredential = await firebase.auth().signInWithCredential(appleCredential)

If I instead were to use for example Facebook sign in through react-native-fbsdk to sign in with these lines: 

const credential = firebase.auth.FacebookAuthProvider.credential(accessToken)
firebase.auth().signInWithCredential(credential)

the auth module correctly throws an error ‘auth/account-exists-with-different-credentials’ since it detects that an account already occupies the email-address on firebase.

The issue is that I cannot stop the merge from happening during the sign in flow, unless I manually prevent it by looking up the authenticated Apple email's firebase login providers in-between the request and the sign-in.

I’d wish to be able to handle an error such as auth/account-exists-with-different-credentials even when signing in with Apple, but unfortunately nothing gets thrown.

Is this behaviour intended?

react-native-firebase version 5.6.0 Firebase/Auth version 6.15.0

Kind Regards, Jonathan

Jonkan
  • 21
  • 1
  • I am getting this behavior of auto merging too. According to doc, when "one account per email address" is enabled, it should throw FirebaseAuthUserCollisionException. But instead it merges the new provider with existing account. Either documentation is outdated or there should be way to disable auto-merging. – Jemshit Jul 24 '20 at 10:23

1 Answers1

0

This is the expected behavior since Firebase consider some providers for instance Facebook as not trusted provider.

Is it possible to check if an email is confirmed on Facebook?

In case of trusted providers for instance Apple / Google the merge can happen automaticly.

Note: if you first sign in via non trusted provider later you sign in via trusted provider, then the non trusted provider will be unlinked / overwritten for security reasons. After all if you want to login via non trusted provider (for instance your unlinked provider) then 'auth/account-exists-with-different-credential' will be thrown since the email is already registered with another provider in this case you have to ask user to login with a known provider then manualy link the two auth providers.

maRci002
  • 341
  • 3
  • 7