Firebase Allowing Multiple Accounts from Same Email Address
Solution 1
Go to Firebase Console
In the Authentication -> SIGN-IN METHOD
Scroll Down to Advanced Section Click on CHANGE and then SAVE
Solution 2
Step 1 : Go to Firebase Console > Authentication > Sign in method. Check the option preventing multiple account creation with single email id.
Step 2 :The following documentation explains how to connect multiple providers to a single account using custom method.
https://firebase.google.com/docs/auth/web/account-linking
Solution 3
Expanding Kathir's answer, Firebase documentation does provide solution.
The following are code snippets copied from the documentation.
// Step 1.
// User tries to sign in to Google.
auth.signInWithPopup(new firebase.auth.GoogleAuthProvider()).catch(function(error) {
// An error happened.
if (error.code === 'auth/account-exists-with-different-credential') {
// Step 2.
// User's email already exists.
// The pending Google credential.
var pendingCred = error.credential;
// The provider account's email address.
var email = error.email;
// Get sign-in methods for this email.
auth.fetchSignInMethodsForEmail(email).then(function(methods) {
// Step 3.
// If the user has several sign-in methods,
// the first method in the list will be the "recommended" method to use.
if (methods[0] === 'password') {
// Asks the user their password.
// In real scenario, you should handle this asynchronously.
var password = promptUserForPassword(); // TODO: implement promptUserForPassword.
auth.signInWithEmailAndPassword(email, password).then(function(user) {
// Step 4a.
return user.linkWithCredential(pendingCred);
}).then(function() {
// Google account successfully linked to the existing Firebase user.
goToApp();
});
return;
}
// All the other cases are external providers.
// Construct provider object for that provider.
// TODO: implement getProviderForProviderId.
var provider = getProviderForProviderId(methods[0]);
// At this point, you should let the user know that he already has an account
// but with a different provider, and let him validate the fact he wants to
// sign in with this provider.
// Sign in to provider. Note: browsers usually block popup triggered asynchronously,
// so in real scenario you should ask the user to click on a "continue" button
// that will trigger the signInWithPopup.
auth.signInWithPopup(provider).then(function(result) {
// Remember that the user may have signed in with an account that has a different email
// address than the first one. This can happen as Firebase doesn't control the provider's
// sign in flow and the user is free to login using whichever account he owns.
// Step 4b.
// Link to Google credential.
// As we have access to the pending credential, we can directly call the link method.
result.user.linkAndRetrieveDataWithCredential(pendingCred).then(function(usercred) {
// Google account successfully linked to the existing Firebase user.
goToApp();
});
});
});
}
});
C6Silver
Updated on June 16, 2022Comments
-
C6Silver about 2 years
Within the Firebase console I have specifically set it to only allow "One account per email address". This is found on the sign-in method tab under "advanced".
I have an account created using the Google login method that has an address like "[email protected]". If I then choose to sign-in via Facebook using an account that also uses "[email protected]", Firebase is allowing it with the exception that the email address in the Users entity is null.
The Firebase documentation states:
if you don't allow multiple accounts with the same email address, a user cannot create a new account that signs in using a Google Account with the email address [email protected] if there already is an account that signs in using the email address [email protected] and a password.
Does this only count if you are trying to create a Firebase login directly with a username/password vs creating an account from two providers like Facebook and Google? I would be under the impression that if it finds a duplicate email address it should reject the registration/login. I do realize the quote states "and a password" which makes me wonder.