How to handle multiple sign in methods for the same user in Firebase?


Question

I'm currently developing an authentication system with Firebase. I'd like my system to accept email/password, Google and Facebook as sign-up and sign-in methods.

So far, so good. Everything works well when the user signs up with each method separately. The problem begins when a user wants to sign up with another method and I need to link the new method to the same account that was previously registered by the same user using another method.

My examples will mention only the email/password and Google methods.

Note: my Firebase auth system is set to accept only 1 account per email.

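Example 1 (working fine):

  1. The user registers for the first time with Google.
  2. Perfect! I get his details and write them to Firestore using the userID that was created by the auth system.
  3. The user now tries to register again using his email/password (the same email that he used when he first signed up with Google).
  4. I get an error saying that the email is in use, and I let the user know that he already signed up with Google and ask him to sign in with Google again.
  5. Then, once he's logged in with Google, I let him create a password inside his account page.
  6. I'll take that password and link it to the existing account that was created when he first signed up with Google (the one he's currently logged in to).
  7. Great! Now I have a single user that can log in with Google or with his password.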

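Example 2 (the problem):

  1. The user registers for the first time with his email/password. Note that his email is a Google email (gmail).
  2. Perfect! I get his details and write them to Firestore using the userID that was created by the auth system.
  3. The user now tries to register again using the Google sign-in method (with the same email).
  4. Apparently everything works, and the user is logged in just fine.
  5. But the thing is, without any warning, Firebase auth has dropped his email/password method and replaced it with the Google sign-in method only.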

Google Groups - Firebase Talk - About this issue

From the link above and some other related questions here on StackOverflow, I understood that this behavior is like this because of security issues, and that is why Google has a "higher precedence" over other auth providers, since you can really trust those users and their emails.

But to remove a password that a user has created seems wrong to me. Not to mention doing it without any warnings.

And also, this seems to be in conflict with the following Firebase help page:

Firebase Help - Allow multiple accounts with the same email address

From the help page linked above:

You can configure whether users can create multiple accounts that use the same email address, but are linked to different sign-in methods. For example, if you don't allow multiple accounts with the same email address, a user cannot create a new account that signs in using a Google Account with the email address ex@gmail.com if there already is an account that signs in using the email address ex@gmail.com and a password.

From the excerpt above, what I understand is that I shouldn't be able to create the account using Google, if I have created it previously using an email/password combination. But that is not what happens, as per Example 2. Very strange!

Now the real question:

Since I'll not be able to change Firebase behavior, I'm thinking about changing my Firebase auth system to allow multiple accounts per email and handle all my users data in Firestore using their email as the primary key (instead of using the userID of the Firebase auth system), since every combination of email/sign-in method will be considered a different account in the Firebase auth system and therefore each one will have a different userID.

For example:

johndoe@gmail.com / password = UserID X

johndoe@gmail.com / Google sign-in = UserID Y

johndoe@gmail.com / Facebook sign-in = UserID Z

All of the accounts above will store and access data in the Firestore using the johndoe@gmail.com as the "primary-key" (collection).

But since I'm early in my development, this seems a bit "hacky" and I might bring some complications in the future.

What do you recommend? The main goal here is to let my users sign-up and sign-in using any method that they want to. All of the methods should allow them to access their data in my application (that will be in Firestore).

I refuse to silently delete a user's password that they previously created just to let them sign-up and in with Google.

Any other ideas or comments?

Sorry for the long question, but I think it illustrated the problem well.

Recommended answer

One option is to enforce password users to verify their email address right after they sign up. In the example #2, Firebase will keep the account's existing password if the email address has been verified e.g. by sending a verification link to the email address and the user has clicked the link.
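
The verification step the answer describes, sketched as an added example (not code from the original question or answer). It assumes the modular Firebase Auth SDK is passed in as `fb`; `signUpWithPassword`, `requireVerifiedEmail`, `makeStub` and `demo` are illustrative names, and the stub with its sample values is constructed so the flow runs offline.

```javascript
// Added example, not from the original post. `fb` is the modular Firebase Auth
// SDK (in an app: import * as fb from "firebase/auth"); it is injected so the
// flow can run offline against the constructed stub at the bottom.

// Sign up with email/password and send the verification link right away.
async function signUpWithPassword(fb, auth, email, password) {
  const { user } = await fb.createUserWithEmailAndPassword(auth, email, password);
  await fb.sendEmailVerification(user);
  return user;
}

// Gate to call after every sign-in, before the app touches user data.
// Unverified accounts get a fresh link and are signed out again.
async function requireVerifiedEmail(fb, auth) {
  const user = auth.currentUser;
  if (!user) return { ok: false, reason: "not-signed-in" };
  await user.reload(); // refresh emailVerified after the link was clicked
  if (user.emailVerified) return { ok: true, uid: user.uid };
  await fb.sendEmailVerification(user);
  await fb.signOut(auth);
  return { ok: false, reason: "email-not-verified" };
}

// Constructed in-memory stand-in for the SDK (assumption, offline use only).
function makeStub() {
  const sent = [];
  const auth = { currentUser: null };
  const fb = {
    async createUserWithEmailAndPassword(a, email) {
      a.currentUser = { uid: "uid-X", email, emailVerified: false, async reload() {} };
      return { user: a.currentUser };
    },
    async sendEmailVerification(u) { sent.push(u.email); },
    async signOut(a) { a.currentUser = null; },
  };
  return { fb, auth, sent };
}

// Walk through: sign up, hit the gate unverified, then verified.
async function demo() {
  const { fb, auth, sent } = makeStub();
  const user = await signUpWithPassword(fb, auth, "johndoe@gmail.com", "constructed-pw");
  const before = await requireVerifiedEmail(fb, auth); // signs the user out
  user.emailVerified = true; // simulates the user clicking the link
  auth.currentUser = user;   // simulates signing in again
  const after = await requireVerifiedEmail(fb, auth);
  return { before, after, linksSent: sent.length };
}
```

A client-side gate like this only shapes the sign-in flow; access to the data itself should also be restricted server-side, for example by checking `request.auth.token.email_verified` in Firestore security rules.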
