Firebaseui-android: Facebook provider overwritten by Google provider
Step 1: Are you in the right place?
Yes. :)
Step 2: Describe your environment
- Android device: Google Pixel
- Android OS version: 8.1.0
- Google Play Services version: 11.8.0
- Firebase/Play Services SDK version: 11.8.0
FirebaseUI version: 3.2.2
Would like to point out that this issue is not new. Has been noticed for a couple months now.
Step 3: Describe the problem:
Facebook provider is overwritten by Google provider when Google login is used after Facebook login. This issue happens even if the Facebook login is already email verified.
Steps to reproduce:
- Login using Facebook.
- Validate email of Facebook login (although this step is not necessary)
- At this point, check provider in Firebase Console Authentication > Users. It shows Facebook provider.
- Logout user.
- Login using Google.
- Refresh Firebase Console Authentication > Users page (here you should refresh the whole page using F5. The change will not show up when using the reload button in console). Facebook provider is now gone, only showing the Google provider.
- Logout user.
- Try login with Facebook again. It will prompt that there is already a google login, as if the Facebook
login never existed. - Login using Facebook.
Now both providers show up. No issue when using Facebook login after Google login.
I would also like to point out that this issue does not happen when using email provider. If the user logs with email and then with Google it will work as intended, mantaining both providers.
Observed Results:
- Google provider overwrites Facebook provider if user had previous logged in with Facebook provider.
Expected Results:
- When logging with Google provider after the Facebook provider, both providers should be kept (like
how it works with email provider).
felipe-gouveia
All 11 comments
@felipe-gouveia thank you for the very detailed reproduction steps! I need to talk to some other people to decide if this is:
- A bug in FirebaseUI
- A bug in Firebase Auth
- "Working as intended" since we have some special provisions for Google accounts
samtstern
on 5 Mar 2018
Hey @felipe-gouveia, this is currently work as intended.
To learn more why the Facebook provider is overwritten, check the following posts:
https://groups.google.com/forum/#!searchin/firebase-talk/liu/firebase-talk/ms_NVQem_Cw/8g7BFk1IAAAJ
Please check this post on Facebook not being considered a verified email provider:
https://github.com/firebase/firebase-js-sdk/issues/340
If you are willing to take the risks here, I think you can set emailVerified to true on Facebook sign-up using the admin SDK: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
Easiest way to do it is via Firebase cloud function onCreate Auth event.
bojeil-google
on 5 Mar 2018
Thank you @bojeil-google for weighing in!
samtstern
on 5 Mar 2018
@bojeil-google @samtstern even if I set emailVerified to true with Firebase cloud function onCreate, Google continues to overwriting facebook auth. What should I do next?
itelofilho
on 11 Mar 2018
Seems like a backend issue. Can you file a ticket with Firebase Support? I will try to recreate this next week to confirm.
bojeil-google
on 11 Mar 2018
@bojeil-google did you guys figure out a way to fix this. I couldn't find a resolution to prevent Facebook from being overwritten by google.
ghost
on 24 Jul 2018
Sorry about this. I was able to replicate the issue and filed an internal bug to fix it.
bojeil-google
on 24 Jul 2018
Did this ever get fixed? Even after setting emailVerified to true using the admin-sdk, facebook still gets overwritten.
This wouldn't be nearly as bad if I could at least give my user some feedback to let them know this is happening.
Motoxpro
on 25 Jun 2019
@Motoxpro They said this is a expect behavior and don't have any plans to change it. :/
itelofilho
on 26 Jun 2019
Hey folks, if the email is verified (after Facebook sign-in) and you sign in with Google, the Facebook provider will be retained. This issue should be fixed now. Please let us know if you encounter any issues with that.
bojeil-google
on 15 Aug 2019
But @bojeil-google - This doesn't help if the user has first signed in using Google, Apple Sign in etc. And then decides to sign in using Facebook. Then due to the Facebook guidelines, one should consider the facebook email verified and merge the account.
https://developers.facebook.com/docs/facebook-login/multiple-providers#associating2
It is a little weird that Google has let this hang for years, without fixing it. Indeed now that you have included Apple Sign In in Firebase, and here you do in fact trust the email. So come on, lets get the facebook emailVerified set to true by default, or give os the option to decide our self in the Firebase Console. - Using the admin SDK to set emailVerified = true for Facebook is not good enough, because that only works if the Facebook account is the first created one.
janniklind
on 11 Apr 2020
Related issues
samtstern
路
3Comments
iChintanSoni
路
4Comments
bobshao
路
4Comments
s-p-a-r-k
路
5Comments
RedCider
路
5Comments
Most helpful comment
But @bojeil-google - This doesn't help if the user has first signed in using Google, Apple Sign in etc. And then decides to sign in using Facebook. Then due to the Facebook guidelines, one should consider the facebook email verified and merge the account.
https://developers.facebook.com/docs/facebook-login/multiple-providers#associating2
It is a little weird that Google has let this hang for years, without fixing it. Indeed now that you have included Apple Sign In in Firebase, and here you do in fact trust the email. So come on, lets get the facebook emailVerified set to true by default, or give os the option to decide our self in the Firebase Console. - Using the admin SDK to set emailVerified = true for Facebook is not good enough, because that only works if the Facebook account is the first created one.