Google sign in replaces other auth providers

[MarioUnlam]

I'm working on an app that allows the user to sign in with Google, Facebook and Twitter. I noticed that if the user signs in with one auth provider, and then tries to use another, signInWithCredential() will return an 'account-exists-with-different-credential' exception. I already managed to handle this exception for the three auth providers, so the user has to authenticate using the previous provider to link the new one.

However, this only happens if the new auth provider is NOT google. If the user authenticates with Facebook or Twitter first, and then uses Google, it won't throw an exception, and instead it unlinks the previous providers, leaving that account with Google as the only provider. Is this a bug? because it looks quite inconsistent, the other providers work differently. Is there any way to disable this behavior?

[mikehardy]

Interesting. I've seen something similar with email/password reset after linking facebook, where facebook was unlinked.
I suspect it was an error on my part not doing user.reload()

I know there is something special about which providers they consider to strongly verify email, thus setting the emailVerified flag if you sign in with facebook or google, it will set that flag.

I have not seen link/unlink displacing things in general though.

So I'll say "needs a reproduction" - a minimal App.js that you can drop in a clean container from https://github.com/mikehardy/rnfbdemo/blob/master/make-demo.sh (or perhaps https://github.com/invertase/react-native-firebase-authentication-example for all the auth stuff...) because I don't see this in my work app.

[MarioUnlam]

After dealing with a few problems I had with my Java JDK version, I managed to run the authentication example. And the problem I described seem to happen there too, without making any changes to the code (besides adding the files and changing the tokens for Facebook and Firebase). If you login with Facebook first, then sign out, then try to login with google, using the same email, you don't get any error, and you'll see your account is now linked to Google only. Facebook got automatically unlinked. I checked if Firebase had a duplicated account, but there's only one user with my email, linked to Google.

[mikehardy]

Fascinating! Thanks for checking that. I'm still actively working on the example and with a work project based on it, literally this moment. I have other things to do on that example and that work project that are a little higher priority but rest assured, if it reproduces there it will be on my list of must-fix stuff in order to make my work app work as well.

[mikehardy]

made an issue from this, so it's not just a discussion

[MarioUnlam]

Thanks!. In the meantime, a possible workaround would be to run fetchSignInMethodsForEmail(...) every time a user tries to sign in with Google, and if it returns more than one provider, run the same logic used to handle "account-exists-with-different-credential" exceptions. I'm pretty sure this is a very unlikely scenario (a user signing in to the same app, using the same email, but a different provider, and in this specific order).

[mikehardy]

I added that repro info to #5900