Firebase with Facebook and User/Password Authentication - android

I'm implementing Facebook login with Firebase for my application. The objective is to develop logic so that the user can log in with the email/password provider or the Facebook provider. As I started developing, I found two ways to do what I want:
1 - Link Facebook to the email/password provider:
The user has to be logged in with email/password to make this happen. Which means, if the user is not logged in, I don't have a reference (current user) to link the Facebook provider to. The user cannot sign up with the Facebook provider because the email is already being used by another provider (email/password).
2 - Enable multiple accounts with the same email on Firebase:
The user can sign up with Facebook and email/password. But Firebase won't register the Facebook data for the email/password provider. Which means, when I try to get the email from the current user, I have to specify the provider that has the email attribute (Facebook provider). The email/password provider returns an empty email:
final String email = firebaseUser.getProviderData().get(1).getEmail();
Conclusion
The first way won't work for me. The user may not be logged in all the time. He may want to log in in different ways. I don't want the user to insert his password for the email/password provider just to link to his Facebook provider.
If I choose the second way, I can't find a way to update the email attribute for the email/password provider. And it wouldn't be good practice to always check which providers the user has, just to specify which provider to get the email from.
Is there something I'm missing? I tried using updateEmail() when the user signs up with Facebook, but it just updates the email attribute for the Facebook provider. Do I really have to make the user insert his password to create a link between the two providers?

To have the convenience of user profile information being provided by methods such as firebase.auth().signInWithRedirect() and firebase.auth().linkWithRedirect(), the Firebase project needs to be configured with One account per email address (Firebase Console > Authentication > Sign-in method). This is the simplest (and default) configuration.
The original question stated:
I don't want the user to insert his password for email/password provider just to link to his facebook provider.
If a user consistently signs in using the same provider method (e.g. Facebook, password, email link, Google Sign-in) then he/she will never need to link accounts.
For users that want to sign-in using multiple providers, account linking is a straightforward user experience and only happens one time when first linking providers.
Linking Accounts
When the Firebase project is configured with One account per email address, then the first time a user attempts to sign-in with a different provider, you will receive the Firebase error auth/account-exists-with-different-credential.
Resolve this by calling firebase.auth.Auth.fetchSignInMethodsForEmail and then asking the user to sign in using one of the returned providers.
Once the user is signed in, the original credential can be linked to the user with firebase.User.linkWithCredential.
Note that account linking works for any combination of providers. Hence, it doesn't matter if a user first signs-up using email/password and then later decides to sign-in with Facebook or vice versa.
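The linking flow described in the answer above, as an added example that is not part of the original answer. It uses the namespaced (v8-style) Web SDK calls; `signInOrLink`, the `signInWithMethod` callback and the `makeFakeAuth` stand-in are hypothetical names, and the account data is constructed so the flow runs without a Firebase project.

```javascript
const COLLISION = 'auth/account-exists-with-different-credential';

// auth: firebase.auth() or a compatible object (namespaced Web SDK, v8 style).
// signInWithMethod(method, email): hypothetical app callback that signs the user
// in with an already-registered method and resolves to a UserCredential.
async function signInOrLink(auth, provider, signInWithMethod) {
  try {
    const result = await auth.signInWithPopup(provider);
    return { user: result.user, linked: false };
  } catch (err) {
    if (err.code !== COLLISION) throw err;
    // The collision error carries the e-mail and the credential that was refused.
    const pending = err.credential;
    const methods = await auth.fetchSignInMethodsForEmail(err.email);
    if (methods.length === 0) throw err;
    // Ownership of the existing account must be proven before linking.
    const existing = await signInWithMethod(methods[0], err.email);
    if (existing.user.email.toLowerCase() !== err.email.toLowerCase()) {
      throw new Error('signed in to a different account; refusing to link');
    }
    await existing.user.linkWithCredential(pending);
    return { user: existing.user, linked: true };
  }
}

// Constructed stand-in for firebase.auth(): one account that so far has only
// the password provider. Lets the flow run without a Firebase project.
function makeFakeAuth() {
  const user = {
    email: 'user@example.test',
    providers: ['password'],
    async linkWithCredential(cred) {
      this.providers.push(cred.providerId);
      return { user: this };
    },
  };
  return {
    user,
    async signInWithPopup(provider) {
      if (user.providers.includes(provider.providerId)) return { user };
      throw Object.assign(new Error(COLLISION), {
        code: COLLISION, email: user.email,
        credential: { providerId: provider.providerId },
      });
    },
    async fetchSignInMethodsForEmail(email) {
      return email === user.email ? [...user.providers] : [];
    },
  };
}
```

The e-mail comparison before `linkWithCredential` stops the pending credential from being attached to whichever account the user happened to sign in to during the prompt.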

Related

Firebase Account Linking (Email/Password, Facebook and Google)

I'm trying to use the linkWithCredential function from Firebase Auth, but I'm not sure whether I'm using it and understand it correctly.
We have a login page with 3 buttons in our app (Login with Email, Login with Facebook and Login with Google). When a user logs in with any one of the providers, everything works great (every provider with its own sign-in method).
But when the user wants to log in again to our app with a different provider, we use the Firebase.auth.logout function and properly log him out from Firebase.
It appears that the user must still be logged in in order to link his account with a different provider.
Since the user is not logged in anymore, I cannot use Firebase.currentUser, since it is null.
Do I need to get the current user's provider by email, sign in silently, and then with that credential link it to the new provider? Also, it isn't clear whether we need to have "allow multiple accounts with the same email address" enabled in the Firebase console.
Is it possible to do that (linkWithCredential) without that option enabled?
Any help with examples on Android or iOS will be really helpful.

Linking multiple auth providers with Firebase on Login

I wish to link multiple auth providers at the time the user signs in to the app. The Firebase docs provide a method to link a new auth provider with the logged-in one, but I wish to link at the time of login/signup so the user can choose any auth provider without the hassle of linking them manually.
Any suggestions on this? Please help.
Linking accounts requires that the user authenticates with each of those accounts.
By signing in to an account/provider, the user proves they "own" that account at that provider. There is no way to link accounts without requiring the user to sign in to each account.

Firebase Manage Multiple auth provider

I am working on an Android application that uses multiple authentication methods with the help of Firebase, like Facebook, Google and Email/Password. Each authentication method works well separately.
But when I log in with Google, then sign out, and later use Facebook to log in with the same email ID, it says:
com.google.firebase.auth.FirebaseAuthUserCollisionException: An
account already exists with the same email address but different
sign-in credentials. Sign in using a provider associated with this
email address.
All I want to do is merge the accounts when the user tries to log in with a different authentication provider using the same email ID.
Is there any way to handle this using Firebase?
Please help.
Just change it here.. that's all.. you are welcome

How should I correctly integrate social media SSO with my custom login service?

I'm trying to integrate an existing login system for a mobile application with some social media sign-in solutions. I successfully managed to integrate both Facebook and Google+ sign-in with my app, and I get to the point where the users are signed in and I can get their social information.
But now I was left wondering which would be the best approach in order to integrate users that decided to use a social media account with my native login system. Should I use their email accounts as login and maybe generate a password on the server side? Or maybe use an OAuth token instead of a password?
I need to keep track of my users, even the ones that did not formally fill out a registration form. So what should I place instead of email + password?
This can be tricky - the majority case is easy, but you need to think about the edges. I find it easier to consider email/password as just another authentication mechanism. You want:
- A user record with the core data about that user (perhaps name, email address, app specific profile data etc.)
- A series of records for their connected auth methods, e.g. Google+, Facebook, user/pass.
The connected auth methods can store the relevant information for those methods - e.g. for Google it would likely be Google user Id and perhaps refresh token if using offline access. This makes it easy for you to offer connecting multiple social accounts.
Password may be a special case that you want to store against the original user record. In that case, if someone signs-up using a social login, then you can either generate a random password, or leave it null. Either way, as long as you request the email address for the user, you can always let them go through a Forgot Password flow (where you generate and email them a password) if they want to access their account but no longer have their 3p login.
What you don't want to do if avoidable is to force the users to give you a new password just after they sign in. However, if you are allowing multiple login methods to be associated with one account, you might want to allow associating them. So, your flow might be:
1 - User signs in (with 3p or email/pass)
2 - If you have a record for that login method (e.g. matching Google or Facebook user id, matching email/pass combination), sign the user in, and you are done.
3 - If you have no matching record for that sign in method:
  - See if you have a matching email address with an existing user account. If you do, some sites automatically merge the new login method to this account. If privacy/security is more of a concern you might want to confirm the user wants to login to that account, or make them go through a 1-time validation (e.g. "it looks like you've signed in with a password before, please enter your password now to link your account and your Google account" etc.). Then link the accounts and continue as if signed in.
  - See if you have an account which may be that person. E.g, perhaps you have an account with a matching name. In that case, you might want to hint the user to connect their accounts (e.g. a prompt somewhere that says "have you connected before with Facebook? Click here to link these accounts" which then takes the user through a sign in process for the login method you suspect they might have).
  - If they look totally new, create a new user record, and treat them as newly signed up.
It's significantly easier if you can treat email address as a unique field. That means if someone signs in with a 3p account associated with an email address you already have a user for you might have to force them to link their account before continuing. If they didn't want to and you required an email address, you could prompt them to enter one manually and then validate it as normal by sending them an email and having them confirm it.
ChrLipp's links are good, also take a look at the guide for using FB and G+ together on the Google Developers site: https://developers.google.com/+/best-practices/facebook
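The user record plus connected auth methods, and the sign-in resolution flow from the answer above, as an added example that is not part of the original answer. It takes the stricter branch the answer mentions (a one-time validation with an existing method instead of an automatic merge on matching email) and leaves out the name-matching hint; `IdentityStore` and all its method and field names are hypothetical, and the store is in-memory.

```javascript
// Hypothetical in-memory model: one user record, many connected auth methods.
class IdentityStore {
  constructor() {
    this.users = new Map();   // userId -> { id, email }
    this.methods = new Map(); // "provider:subject" -> userId
    this.nextId = 1;
  }
  createUser(email, provider, subject) {
    const user = { id: this.nextId++, email: email.toLowerCase() };
    this.users.set(user.id, user);
    this.methods.set(`${provider}:${subject}`, user.id);
    return user;
  }
  // Provider names connected to a user, e.g. ['password', 'google'].
  methodsOf(userId) {
    return [...this.methods]
      .filter(([, id]) => id === userId)
      .map(([key]) => key.split(':')[0]);
  }
  // login = { provider, subject, email }, already authenticated by the provider.
  resolve(login) {
    const known = this.methods.get(`${login.provider}:${login.subject}`);
    if (known !== undefined) {
      return { status: 'signed_in', user: this.users.get(known) };
    }
    const email = login.email.toLowerCase();
    const match = [...this.users.values()].find((u) => u.email === email);
    if (match) {
      // A matching e-mail is not proof of ownership: require an existing method.
      return { status: 'link_required', userId: match.id,
               signInWith: this.methodsOf(match.id) };
    }
    const user = this.createUser(email, login.provider, login.subject);
    return { status: 'created', user };
  }
  // reauthenticatedWith: provider the user has just signed in with again.
  link(userId, login, reauthenticatedWith) {
    if (!this.methodsOf(userId).includes(reauthenticatedWith)) {
      throw new Error('existing method not proven; refusing to link');
    }
    this.methods.set(`${login.provider}:${login.subject}`, userId);
  }
}
```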
How did you implement the social media sign-ins? For example Facebook: did you use Login for Android? In this case the docs say under Checking login status:
Apps using our SDKs can check whether someone has already logged in using built-in functions. All other apps must create their own way of storing when a person has logged in, and when that indicator is not there, proceed on the assumption that they are logged out.
And if you follow the link to Storing access tokens and login status you can read:
The token should be stored so it's available to all parts of the app when it makes API calls. ... If you're building a ... mobile app, then you should use the datastore available to your app. Also, the app should store the token in a database along with the user_id to identify it.
Have an enumeration (NativeLogin, Facebook, GooglePlus) and depending on this enumeration the following information:
- NativeLogin: UserName, Password
- Facebook and GooglePlus: Facebook or GooglePlus ID and their User Access Token
In all cases you should store the email address you get in an additional field.

Google+ Api - get associated account in android

I'm using the new Google+ Sign-in API. Once a user clicks sign in, they can choose which Google account to use, and then proceed to authorize the app. How can I get the account which they picked?
The reason is that I have been using regular Google auth for my app and the user's account is tied to the email address. With Google+, I'm not sure how to get the account email without asking the user to select the account again.
You can retrieve the user's profile information by using the PlusClient.loadPerson() method, which can include their email address if they choose to make it public. To reliably get their email address, you would use either the PlusClient.getAccountName() or use the userinfo REST endpoint after requesting the userinfo.email scope.
The code examples in the documentation walk through each of the above cases.
