FirebaseAuth - Let user change password using any provider - Android

问题

I have a social media app, I'm using FirebaseUI to let users sign in/up to the app,using Email, Google or Facebook.

1. How can I let user to change his/her password later if using "Email" as a provider?

2. If using Facebook or Google as providers can I let him/her set Email-Password as Authentication Method by giving him/her an option to change password?.

3. The change password action from user should set Email-Password as Authentication Method in firebase with a new password input from the user.

4. Then, The user should be able to login using Email-Password or the Authentication Provider( Facebook/Google) linked with same email.

回答1:

Answering your question:

1. Yes.

Here is a sample code snippet for changing/updating the user password:

FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
String newPassword = "SOME-SECURE-PASSWORD";

user.updatePassword(newPassword)
    .addOnCompleteListener(new OnCompleteListener<Void>() {
        @Override
        public void onComplete(@NonNull Task<Void> task) {
            if (task.isSuccessful()) {
                Log.d(TAG, "User password updated.");
            }
        }
    });

Details of using Firebase User is available here.

2. a. Changing the password in your app:

NO

The SignIn Providers such as Facebook, Google and Twitter do not open this features (API) to prevent middleman and other attacks/abuses.

b. User changed the password in the service provider after signed-in

The user is still able to login to your app, authentication process is deal directly to the service provider, so you don't have to worry!

c. Multiple authentication with the same email address.

Referring to

let's say user A logged in using Facebook to my app, then he went to his profile in MY APP , and changed his password, next time to login I want him to have 2 options: 1- Login using Facebook normally 2- Login using his facebook Email + the password that he saved earlier

The answer is YES, but you have to merge the details first, here is the reference. You can actually link/merge the user details of the same email address by identifying the same Firebase user ID regardless of the authentication provider they used to sign in.

For example, a user who signed in with a password can link a Google account and sign in with either method in the future. Or, an anonymous user can link a Facebook account and then, later, sign in with Facebook to continue using your app.

Hope it helps!

来源：https://stackoverflow.com/questions/51725688/firebaseauth-let-user-change-password-using-any-provider-android