On iOS for nonce-based Apple Sign In link failures where the Apple account is already linked to a different Firebase account, returns an Updated Credential that may be used to login to the Apple-linked account.

DellaBitta · a-maurice · commit c85b3306219c · 2020-06-09T17:37:47.000-07:00
PiperOrigin-RevId: 311328231
diff --git a/auth/src/include/firebase/auth/credential.h b/auth/src/include/firebase/auth/credential.h
@@ -64,6 +64,7 @@ class Credential {
   friend class PlayGamesAuthProvider;
   friend class TwitterAuthProvider;
   friend class YahooAuthProvider;
+  friend class ServiceUpdatedCredentialProvider;
   /// @endcond
 #endif  // !SWIG
 
diff --git a/auth/src/include/firebase/auth/user.h b/auth/src/include/firebase/auth/user.h
@@ -120,6 +120,13 @@ struct AdditionalUserInfo {
   /// Most likely a hierarchical key-value mapping, like a parsed JSON file.
   /// Note we use map instead of unordered_map to support older compilers.
   std::map<Variant, Variant> profile;
+
+  /// On a nonce-based credential link failure where the user has already linked
+  /// to the provider, the Firebase auth service may provide an updated
+  /// Credential. If is_valid returns true on this credential, then it may be
+  /// passed to a new firebase::auth::Auth::SignInWithCredential request to sign
+  /// the user in with the provider.
+  Credential updated_credential;
 };
 
 /// @brief Metadata corresponding to a Firebase user.
diff --git a/auth/src/ios/auth_ios.mm b/auth/src/ios/auth_ios.mm
@@ -18,6 +18,7 @@
 #import "FIRAuthDataResult.h"
 #import "FIRAuthErrors.h"
 #import "FIROptions.h"
+#import "FIROAuthCredential.h"
 
 #include "app/src/app_ios.h"
 #include "app/src/assert.h"
@@ -118,6 +119,18 @@ @implementation FIRCPPAuthListenerHandle
     // kAuthErrorEmailChangeNeedsVerification},
 };
 
+// A provider that wraps a Credential returned from the Firebase iOS SDK which may occur when a
+// nonce based link failure occurs due to a pre-existing account already linked with a Provider.
+// This credential may be used to attempt to sign into Firebase using that account.
+class ServiceUpdatedCredentialProvider {
+ public:
+  // Construct a Credential given a preexisting FIRAuthCredential wrapped by a
+  // FIRAuthCredentialPointer.
+  static Credential GetCredential(FIRAuthCredentialPointer* impl) {
+    return Credential(impl);
+  }
+};
+
 template<typename T>
 struct ListenerHandleHolder {
   explicit ListenerHandleHolder(T handle) : handle(handle) {}
@@ -315,6 +328,13 @@ void SignInResultCallback(FIRAuthDataResult *_Nullable auth_result, NSError *_Nu
     util::NSDictionaryToStdMap(auth_result.additionalUserInfo.profile, &result.info.profile);
   }
 
+  if (error.userInfo != nullptr) {
+    if (error.userInfo[FIRAuthErrorUserInfoUpdatedCredentialKey] != nullptr) {
+      result.info.updated_credential = ServiceUpdatedCredentialProvider::GetCredential(
+          new FIRAuthCredentialPointer(error.userInfo[FIRAuthErrorUserInfoUpdatedCredentialKey]));
+     }
+  }
+
   ReferenceCountedFutureImpl &futures = auth_data->future_impl;
   futures.CompleteWithResult(handle, AuthErrorFromNSError(error),
                              util::NSStringToString(error.localizedDescription).c_str(), result);
