feat: Auto link with account exists

Author: dackers86

packages/firebaseui-core/src/auth.ts

@@ -21,6 +21,21 @@ import {
 import { handleFirebaseError } from './errors';
 import { type TranslationsConfig } from './translations';
 
+async function handlePendingCredential(user: UserCredential): Promise<UserCredential> {
+  const pendingCredString = window.sessionStorage.getItem('pendingCred');
+  if (!pendingCredString) return user;
+
+  try {
+    const pendingCred = JSON.parse(pendingCredString);
+    const result = await linkWithCredential(user.user, pendingCred);
+    window.sessionStorage.removeItem('pendingCred');
+    return result;
+  } catch (error) {
+    window.sessionStorage.removeItem('pendingCred');
+    return user;
+  }
+}
+
 export async function fuiSignInWithEmailAndPassword(
   auth: Auth,
   email: string,
@@ -29,19 +44,22 @@ export async function fuiSignInWithEmailAndPassword(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<UserCredential> {
   try {
     const currentUser = auth.currentUser;
     const credential = EmailAuthProvider.credential(email, password);
 
     if (currentUser?.isAnonymous && opts?.enableAutoUpgradeAnonymous) {
-      return await linkWithCredential(currentUser, credential);
+      const result = await linkWithCredential(currentUser, credential);
+      return handlePendingCredential(result);
     }
 
-    return await signInWithCredential(auth, credential);
+    const result = await signInWithCredential(auth, credential);
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
   }
 }
 
@@ -53,19 +71,22 @@ export async function fuiCreateUserWithEmailAndPassword(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<UserCredential> {
   try {
     const currentUser = auth.currentUser;
     const credential = EmailAuthProvider.credential(email, password);
 
     if (currentUser?.isAnonymous && opts?.enableAutoUpgradeAnonymous) {
-      return await linkWithCredential(currentUser, credential);
+      const result = await linkWithCredential(currentUser, credential);
+      return handlePendingCredential(result);
     }
 
-    return await createUserWithEmailAndPassword(auth, email, password);
+    const result = await createUserWithEmailAndPassword(auth, email, password);
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
   }
 }
 
@@ -81,7 +102,7 @@ export async function fuiSignInWithPhoneNumber(
   try {
     return await signInWithPhoneNumber(auth, phoneNumber, recaptchaVerifier);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return (await handleFirebaseError(error, opts)) as never;
   }
 }
 
@@ -92,6 +113,7 @@ export async function fuiConfirmPhoneNumber(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<UserCredential> {
   try {
@@ -101,12 +123,13 @@ export async function fuiConfirmPhoneNumber(
 
     if (currentUser?.isAnonymous && opts?.enableAutoUpgradeAnonymous) {
       const result = await linkWithCredential(currentUser, credential);
-      return result;
+      return handlePendingCredential(result);
     }
 
-    return await signInWithCredential(auth, credential);
+    const result = await signInWithCredential(auth, credential);
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
   }
 }
 
@@ -121,7 +144,7 @@ export async function fuiSendPasswordResetEmail(
   try {
     await sendPasswordResetEmail(auth, email);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return (await handleFirebaseError(error, opts)) as never;
   }
 }
 
@@ -148,7 +171,7 @@ export async function fuiSendSignInLinkToEmail(
     await sendSignInLinkToEmail(auth, email, actionCodeSettings);
     window.localStorage.setItem('emailForSignIn', email);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return (await handleFirebaseError(error, opts)) as never;
   }
 }
 
@@ -164,6 +187,7 @@ export async function fuiSignInWithEmailLink(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<UserCredential> {
   try {
@@ -174,14 +198,14 @@ export async function fuiSignInWithEmailLink(
     if (currentUser?.isAnonymous && isAnonymousUpgrade && opts?.enableAutoUpgradeAnonymous) {
       const result = await linkWithCredential(currentUser, credential);
       window.localStorage.removeItem('emailLinkAnonymousUpgrade');
-      return result;
+      return handlePendingCredential(result);
     }
 
     const result = await signInWithCredential(auth, credential);
     window.localStorage.removeItem('emailLinkAnonymousUpgrade');
-    return result;
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
   }
 }
 
@@ -193,9 +217,10 @@ export async function fuiSignInAnonymously(
   }
 ): Promise<UserCredential> {
   try {
-    return await signInAnonymously(auth);
+    const result = await signInAnonymously(auth);
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
   }
 }
 
@@ -206,6 +231,7 @@ export async function fuiSignInWithOAuth(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<void> {
   try {
@@ -217,7 +243,7 @@ export async function fuiSignInWithOAuth(
       await signInWithRedirect(auth, provider);
     }
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return (await handleFirebaseError(error, opts)) as never;
   }
 }
 
@@ -228,6 +254,7 @@ export async function fuiCompleteEmailLinkSignIn(
     language?: string;
     translations?: TranslationsConfig;
     enableAutoUpgradeAnonymous?: boolean;
+    enableHandleExistingCredential?: boolean;
   }
 ): Promise<UserCredential | null> {
   try {
@@ -239,9 +266,11 @@ export async function fuiCompleteEmailLinkSignIn(
     if (!email) return null;
 
     const result = await fuiSignInWithEmailLink(auth, email, currentUrl, opts);
-    window.localStorage.removeItem('emailForSignIn');
-    return result;
+    return handlePendingCredential(result);
   } catch (error) {
-    handleFirebaseError(error, opts?.translations, opts?.language);
+    return handleFirebaseError(error, opts);
+  } finally {
+    window.localStorage.removeItem('emailForSignIn');
+    window.localStorage.removeItem('emailLinkAnonymousUpgrade');
   }
 }

packages/firebaseui-core/src/errors.ts

@@ -1,3 +1,4 @@
+import { UserCredential } from 'firebase/auth';
 import { ERROR_CODE_MAP, getTranslation, type TranslationsConfig } from './translations';
 
 export class FirebaseUIError extends Error {
@@ -14,10 +15,30 @@ export class FirebaseUIError extends Error {
   }
 }
 
-export function handleFirebaseError(error: any, translations?: TranslationsConfig, language?: string): never {
+export async function handleFirebaseError(
+  error: any,
+  opts?: { language?: string; translations?: TranslationsConfig; enableHandleExistingCredential?: boolean }
+): Promise<never | UserCredential> {
+  if (error?.code === 'auth/account-exists-with-different-credential' && opts?.enableHandleExistingCredential) {
+    if (error.credential) {
+      window.sessionStorage.setItem('pendingCred', JSON.stringify(error.credential));
+    }
+
+    throw new FirebaseUIError(
+      {
+        code: 'auth/account-exists-with-different-credential',
+        customData: {
+          email: error.customData?.email,
+        },
+      },
+      opts?.translations,
+      opts?.language
+    );
+  }
+
   // TODO: Debug why instanceof FirebaseError is not working
   if (error?.name === 'FirebaseError') {
-    throw new FirebaseUIError(error, translations, language);
+    throw new FirebaseUIError(error, opts?.translations, opts?.language);
   }
-  throw new FirebaseUIError({ code: 'unknown' }, translations, language);
+  throw new FirebaseUIError({ code: 'unknown' }, opts?.translations, opts?.language);
 }

packages/firebaseui-core/src/translations.ts

@@ -26,6 +26,7 @@ export const ERROR_CODE_MAP: Record<string, ErrorKey> = {
   'auth/requires-recent-login': 'requiresRecentLogin',
   'auth/provider-already-linked': 'providerAlreadyLinked',
   'auth/invalid-verification-code': 'invalidVerificationCode',
+  'auth/account-exists-with-different-credential': 'accountExistsWithDifferentCredential',
 };
 
 type TranslationCategory = keyof Required<TranslationStrings>;
@@ -82,6 +83,8 @@ export const defaultTranslations: Record<'en', TranslationStrings> = {
       invalidVerificationCode: 'Invalid verification code. Please try again',
       unknownError: 'An unexpected error occurred',
       popupClosed: 'The sign-in popup was closed. Please try again.',
+      accountExistsWithDifferentCredential:
+        'An account already exists with this email. Please sign in with the original provider.',
     },
     messages: {
       passwordResetEmailSent: 'Password reset email sent successfully',

packages/firebaseui-core/src/types.ts

@@ -25,6 +25,7 @@ export type TranslationStrings = {
     invalidVerificationCode?: string;
     unknownError?: string;
     popupClosed?: string;
+    accountExistsWithDifferentCredential?: string;
   };
   messages?: {
     passwordResetEmailSent?: string;
@@ -73,6 +74,7 @@ export interface FUIConfig {
   language?: string;
   enableAutoAnonymousLogin?: boolean;
   enableAutoUpgradeAnonymous?: boolean;
+  enableHandleExistingCredential?: boolean;
   translations?: Partial<Record<string, Partial<TranslationStrings>>>;
   tosUrl?: string;
   privacyPolicyUrl?: string;

packages/firebaseui-core/tests/unit/auth.test.ts

@@ -28,7 +28,6 @@ import {
   fuiSignInWithOAuth,
   fuiCompleteEmailLinkSignIn,
 } from '../../src/auth';
-import { FirebaseUIError } from '../../src/errors';
 
 // Mock all Firebase Auth functions
 vi.mock('firebase/auth', async () => {
@@ -69,6 +68,7 @@ describe('Firebase UI Auth', () => {
     vi.clearAllMocks();
     mockAuth = { currentUser: null } as Auth;
     window.localStorage.clear();
+    window.sessionStorage.clear();
     (EmailAuthProvider.credential as any).mockReturnValue(mockCredential);
     (EmailAuthProvider.credentialWithLink as any).mockReturnValue(mockCredential);
     (PhoneAuthProvider.credential as any).mockReturnValue(mockCredential);
@@ -338,5 +338,85 @@ describe('Firebase UI Auth', () => {
 
       expect(result).toBeNull();
     });
+
+    it('should clean up storage even when sign in fails', async () => {
+      window.localStorage.setItem('emailForSignIn', '[email protected]');
+      window.localStorage.setItem('emailLinkAnonymousUpgrade', 'true');
+
+      (isSignInWithEmailLink as any).mockReturnValue(true);
+      (signInWithCredential as any).mockRejectedValue(new Error('Sign in failed'));
+
+      await expect(fuiCompleteEmailLinkSignIn(mockAuth, 'mock-url')).rejects.toThrow();
+
+      expect(window.localStorage.getItem('emailForSignIn')).toBeNull();
+      expect(window.localStorage.getItem('emailLinkAnonymousUpgrade')).toBeNull();
+    });
+  });
+
+  describe('Pending Credential Handling', () => {
+    it('should handle pending credential during email sign in', async () => {
+      const storedCred = { type: 'google.com', token: 'stored-token' };
+      window.sessionStorage.setItem('pendingCred', JSON.stringify(storedCred));
+      (signInWithCredential as any).mockResolvedValue(mockUserCredential);
+      (linkWithCredential as any).mockResolvedValue({ ...mockUserCredential, user: { uid: 'linked-uid' } });
+
+      const result = await fuiSignInWithEmailAndPassword(mockAuth, '[email protected]', 'password');
+
+      expect(linkWithCredential).toHaveBeenCalledWith(mockUserCredential.user, storedCred);
+      expect(window.sessionStorage.getItem('pendingCred')).toBeNull();
+      expect(result.user.uid).toBe('linked-uid');
+    });
+
+    it('should handle invalid pending credential gracefully', async () => {
+      window.sessionStorage.setItem('pendingCred', 'invalid-json');
+      (signInWithCredential as any).mockResolvedValue(mockUserCredential);
+
+      const result = await fuiSignInWithEmailAndPassword(mockAuth, '[email protected]', 'password');
+
+      expect(result).toBe(mockUserCredential);
+      expect(window.sessionStorage.getItem('pendingCred')).toBeNull();
+    });
+
+    it('should handle linking failure gracefully', async () => {
+      const storedCred = { type: 'google.com', token: 'stored-token' };
+      window.sessionStorage.setItem('pendingCred', JSON.stringify(storedCred));
+      (signInWithCredential as any).mockResolvedValue(mockUserCredential);
+      (linkWithCredential as any).mockRejectedValue(new Error('Linking failed'));
+
+      const result = await fuiSignInWithEmailAndPassword(mockAuth, '[email protected]', 'password');
+
+      expect(result).toBe(mockUserCredential);
+      expect(window.sessionStorage.getItem('pendingCred')).toBeNull();
+    });
+  });
+
+  describe('Storage Management', () => {
+    it('should clean up all storage items after successful email link sign in', async () => {
+      window.localStorage.setItem('emailForSignIn', '[email protected]');
+      window.localStorage.setItem('emailLinkAnonymousUpgrade', 'true');
+      window.sessionStorage.setItem('pendingCred', JSON.stringify(mockCredential));
+
+      (isSignInWithEmailLink as any).mockReturnValue(true);
+      (signInWithCredential as any).mockResolvedValue(mockUserCredential);
+
+      await fuiCompleteEmailLinkSignIn(mockAuth, 'mock-url');
+
+      expect(window.localStorage.getItem('emailForSignIn')).toBeNull();
+      expect(window.localStorage.getItem('emailLinkAnonymousUpgrade')).toBeNull();
+      expect(window.sessionStorage.getItem('pendingCred')).toBeNull();
+    });
+
+    it('should clean up storage even when sign in fails', async () => {
+      window.localStorage.setItem('emailForSignIn', '[email protected]');
+      window.localStorage.setItem('emailLinkAnonymousUpgrade', 'true');
+
+      (isSignInWithEmailLink as any).mockReturnValue(true);
+      (signInWithCredential as any).mockRejectedValue(new Error('Sign in failed'));
+
+      await expect(fuiCompleteEmailLinkSignIn(mockAuth, 'mock-url')).rejects.toThrow();
+
+      expect(window.localStorage.getItem('emailForSignIn')).toBeNull();
+      expect(window.localStorage.getItem('emailLinkAnonymousUpgrade')).toBeNull();
+    });
   });
 });