I'm working with Firebase to authenticate my users in my iOS app
I noticed a problem with the Apple provider.
I'll explain better the steps that a user could do:
Create an Apple Provider Account with Hidden Email. Your Firebase account will be created like this
Create an account with Google. We will have 2 different accounts created
The user decides to delete my app from the iCloud settings (on his device) from those that access with Apple
The user creates a new account with Apple provider, but this time he shows the email
When the authentication flow begins, through the Auth.auth().fetchSignInMethods(forEmail: email) method, find the Google account previously created and try the link with Google.
The link does not complete and returns this error:
[ERROR_PROVIDER_ALREADY_LINKED] - User can only be linked to one
identity for the given provider.
This is the problem I'm having when a user decides to use an Apple account with hidden Email
How can we manage authentications with Apple on Firebase in this case?
Related
Our app was rejected from the app store due to Your app requires users to input their name, e-mail address and e-mail verification after using Sign in with Apple. We followed the sample online here which clearly states that even if you include the name or email scopes, nether will not be included as claims in the token which Azure AD B2C receives from Apple.
We can't remove sign in with Apple either, because then we get We noticed that your app uses a third-party login service but does not offer Sign in with Apple.
Thus, we have to be able to sign in with Apple and not show the email screen after signing in. Is there a way to capture the sign in with Apple email address without showing the email screen after signing in Azure B2C? I have already looked at similar issues with no real solution
I am confused with how social oauth works? Lets say i have implemented social oauth login in my project.
user A signed up in my website with Google Oauth. I somehow put that SIGN UP WITH GOOGLE button in my sign up page and then user will click it and will be directed to a link where google will ask to authorize my app or not. If the user A allows, then at first time what information does the google server send to my server. It will send something so that i could save it in my server to know that a user A has been signed up and could give the userA a id to link it to other tables of my database which is in my server (nothing to do with google server). So real question is what will google(or any other service provider like facebook, twitter etc) send me when a new user signed up and when a existing user signed in again. what will happen if a user (already signed up) try to sign up again? or didn't authorize the website again when logging in?
If you want more detailed question, please comment and I will elaborate.
Ok first off lets use a different term than social login. Lets call it third party login and heres why.
Your application has its own login system users can create their accounts on your system by say adding an email address and creating a login name and a password. Now you want to add third party login that being, Facebook, google and twitter login. These are actually third party logins.
What you will actually be doing is linking the users third party social media accounts with your login system. The term often used for this is called account linking.
Lets say user A has created an account in your system already now A has a Facebook account so they would like to link their Facebook account with your login system. So you create a Facebook login button Facebook will return to you an id this often being the id of the user on facebooks system. So when the user logs in using Facebook you get the Facebook id back that you can store on the users account in your system.
Things get a little more confusing if user B wants to login to your system using Google and B does not already have an account in your system
when they login then you will probably get the users id and i think you get their email address back as well so you can use the email address from google so you can create them a actual account on your system and directly link the google login to it automatically.
Its been a while since i have done it but i believe that you get the user id and the email returned to you from third party providers you may want to check thought if memory serves they are not all the same and you may have to make a request to get the email address after you get the id back.
Social login is still not normalized. You have to work them out one by one unless you leverage something that do it for you like the trusstee.io solution.
It appears to be simple to use and is described here https://medium.com/me/stats/post/ef5d5a5a3943.
I'm using google authentication to sign in with firebase.
The authentication process works well and I'm able to create the credentials and authenticate.
My problem is when, after signing out from firebase and google, the user tries to sign in using google again. At this point google will automatically authenticate with the account used previously.
I tried both sign-out and disconnect option from google api but the result is the same.
I partially found what my problem was, here steps to reproduce:
Not signed in with google in app and not signed-in in safari on the device with a google account
Sign in with the application using a google account
Now I am signed-in in app AND in safari as well with the same account
When I sign-out from the application, safari is still authenticated with this user
I'm not able to see the account choice in app until I sign-out the google account from safari on the device
This problem doesn't show up if safari (point 1) was already signed-in with a different google account. In this case I will always have a choice between the two accounts in app.
Is there a way to sign out from the app and always shows the account choice when signing in with google again?
There are many Authentication URI parameters. One of them is "prompt" which could have a "select_account" value. It helped me to resolve the same issue for Auth0-service Google integration. Maybe could be useful for your issue if the SDK allows setting parameters for sign in.
See docs here: https://developers.google.com/identity/protocols/OpenIDConnect#authenticationuriparameters
I am using firebase authentication for my iOS project. I am facing problem of account override by google login case i.e if I logged in with email or facebook login then if I click on google login then from console account getting change in Google plus.
I have disabled the multiple accounts with same email.
I am not getting this issue when I am using google plus login for first time.
This is the expected behavior. Google authentication overrides other forms of authentication like Facebook or email/password if the same email is used. If this is not a behavior you want, go to the Firebase website and leave feedback. In the meantime, here are some options:
Deal with it as is. Users many not even care about it
Turn on multiple accounts so users can sign in with either
Keep a path in your database listing user emails for Facebook authentication, and then use a Cloud Function to scan it before authenticating a user on Google, preventing login if the email is found to belong to a Facebook account.
I just submitted my first iOS app to the apple app store.
My app is facebook login only, so I am assuming the reviewers will ask for a test account.
Can I create a facebook test user account and provide apple with the username and password, so that they can login? I am not sure if facebook has a policy against giving out the username and password to other companies (in this case, Apple).
For FB login, you do not need to supply any test user credentials to Apple. They will use their test accounts for same. I have submitted lot of applications with Fb login on app store and it has never been any issue with Review team.
In my case, I also had facebook only log in, and I created a new facebook account for the testers to use. I'm not sure if this agrees with facebook's policy, but with a test account, they'd need a way to login which means they'd need access to your facebook developer account.
Just submit the email and password for the account you created.
Source: Personal experience -- It passed.