问题
I'm building an Android app with Firebase Authentication and Cloud Firestore. The app has multiple Auth providers; a user can sign in either using his registered email and password or using Google or Facebook.
So here's the problem: When a user first logs in with his own registered email and password, he stores his details in a document in Firestore. Now, if the same user logs off and signs in using Google (linked to the same email address), the login is successful, but the Firestore doc is gone; overwritten/ replaced by the data provided by the Google Sign In. Even the registered Firebase EmailAuth details are gone; all overwritten by Google Sign-In client.
One thing I noticed was that the Email Auth and the Google Sign In Auth (with the same email address) have the same User UID in the Firebase Authentication page of my console when the stuff I mentioned above happens.
What I want is: The user logs in with his registered email and password and then logs out. When he goes in for login via Google, there needs to be an error toast preventing him from signing in via Google if the same email address has been registered already. Basically, if his email address has been registered, then he can log in only via email and password authentication and not via Google.
Facebook helps in this case; it does not log in if the same email address has been registered, instead, it gives an error equivalent to "This email address already exists with another account." I want the same thing here with Google.
If my question isn't all that clear, try this: https://github.com/firebase/firebase-android-sdk/issues/25
(Yeah I noticed that they closed the issue with an "Intended Behaviour", which is the very reason I'm posting this question; I need a workaround for this behavior to make it do what I need).
回答1:
What I want is The user logs in with his registered email and password and then logs out. When he goes in for login via Google, there needs to be an error toast preventing him from signing in via Google if the same email address has been registered already. Basically, if his email address has been registered, then he can log in only via email and password authentication and not via Google.
The flow for solving this problem is to ask the user for the email address from the beginning. Once you have the email address you can check if the user has already an account or not. Assuming that you have distinct buttons for each authentication provider you can display or hide them according to what the user has selected for authentication first time. For instance, if the user has selected the authentication with email and password, check that using:
auth.fetchSignInMethodsForEmail(email).addOnCompleteListener(signInMethodsTask -> {
if (signInMethodsTask.isSuccessful()) {
List<String> signInMethods = signInMethodsTask.getResult().getSignInMethods();
for (String signInMethod : signInMethods) {
switch (signInMethod) {
case GoogleAuthProvider.PROVIDER_ID:
googleSignInButton.setVisibility(VISIBLE);
facebookSignInButton.setVisibility(GONE);
passwordSignInButton.setVisibility(GONE);
break;
case FacebookAuthProvider.PROVIDER_ID:
googleSignInButton.setVisibility(GONE);
facebookSignInButton.setVisibility(VISIBLE);
passwordSignInButton.setVisibility(GONE);
break;
case EmailAuthProvider.PROVIDER_ID:
googleSignInButton.setVisibility(GONE);
facebookSignInButton.setVisibility(GONE);
passwordSignInButton.setVisibility(VISIBLE);
break;
default:
googleSignInButton.setVisibility(VISIBLE);
facebookSignInButton.setVisibility(VISIBLE);
passwordSignInButton.setVisibility(VISIBLE);
break;
}
}
}
});
In the case of EmailAuthProvider.PROVIDER_ID, hide the other buttons and display only the button that provides the sign-in with email and password. If the user is new, display all buttons so the user can choose one or the other authentication options.
P.S. There is no need to let the user choose to sign-in with another provider if you only want to let the user sign-in with a particular one.
来源:https://stackoverflow.com/questions/61833249/google-sign-in-removes-existing-user-data