FirebaseAuthInvalidCredentialsException when using "One account per email address"


Problem description




... if you don't allow multiple accounts with the same email address, a user cannot create a new account that signs in using a Google Account with the email address ex@gmail.com if there already is an account that signs in using the email address ex@gmail.com and a password.

I was able to sign in with Google provider for the same email that was already registered via Email provider, so Google provider replaced Email provider and the latter then fails to sign in with FirebaseAuthInvalidCredentialsException: The password is invalid or the user does not have a password.

Steps to reproduce:

Sign up with Email provider -> Sign out -> Sign in with Google provider -> Sign out

Basically, it should not allow replacing one provider with another and should throw FirebaseAuthUserCollisionException: The email address is already in use by another account.

Some code that I use for sign in/sign out:

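  // These methods live in the sign-in Activity; mFirebaseAuth (FirebaseAuth) and
  // mGoogleApiClient (GoogleApiClient) are fields initialised elsewhere.

  // Create a new email/password account.
  public void signUpEmail(String email, String password) {
    mFirebaseAuth.createUserWithEmailAndPassword(email, password)
        .addOnCompleteListener(this, task -> {
          if (!task.isSuccessful()) {
            // Log.e has no (String, Throwable) overload, so a message is passed as well.
            Log.e("signUpWithEmail", "sign-up failed", task.getException());
          }
        });
  }

  // Exchange the Google ID token for a Firebase credential and sign in with it.
  private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
    AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
    mFirebaseAuth.signInWithCredential(credential)
        .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
          @Override public void onComplete(@NonNull Task<AuthResult> task) {
            if (!task.isSuccessful()) {
              Log.e("signInWithCredential", "sign-in failed", task.getException());
            }
          }
        });
  }

  // Sign in to an existing email/password account.
  public void signInEmail(String email, String password) {
    mFirebaseAuth.signInWithEmailAndPassword(email, password)
        .addOnCompleteListener(this, task -> {
          if (!task.isSuccessful()) {
            Log.e("signInWithEmail", "sign-in failed", task.getException());
          }
        });
  }

  // Sign out of both the Google session and the Firebase session.
  public void signOut() {
    Auth.GoogleSignInApi.signOut(mGoogleApiClient);
    mFirebaseAuth.signOut();
    startSignInActivity();
  }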

Thank you!

Solution

To optimize the login UI steps and enhance account security, Firebase Authentication has a concept of 'trusted provider', where the identity provider is also the email service provider. For example, Google is the trusted provider for @gmail.com addresses, Yahoo is the trusted provider for @yahoo.com addresses, and Microsoft for @outlook.com addresses.

In the "One Account per Email address" mode, Firebase Authentication tries to link accounts based on email address. If a user logs in from a trusted provider, the user immediately signs into the account since we know the user owns the email address.

If there is an existing account with the same email address but created with other credentials (e.g. password or non-trusted provider), the previous credentials are removed for security reasons.

A phisher (who is not the email address owner) might create the initial account - removing the initial credential would prevent the phisher from accessing the account afterwards. The legit user can set up a password by going through the password reset flow, where she would need to prove she owns the email address.
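One way an app can react to the credential removal described in this answer, as an added example that is not part of the original question or answer. The class `PasswordProviderRecovery` and its method names are hypothetical; the Firebase calls used are `getProviderData`, `sendPasswordResetEmail` and `linkWithCredential` from the Firebase Authentication Android SDK.

```java
import android.util.Log;
import com.google.firebase.auth.AuthCredential;
import com.google.firebase.auth.EmailAuthProvider;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
import com.google.firebase.auth.FirebaseUser;
import com.google.firebase.auth.UserInfo;

/** Hypothetical helper class (added example, not from the question or the Firebase SDK). */
public final class PasswordProviderRecovery {
  private static final String TAG = "PasswordRecovery";

  /** After a successful Google sign-in: true if no password credential is linked any more. */
  public static boolean passwordCredentialMissing(FirebaseUser user) {
    for (UserInfo info : user.getProviderData()) {
      if (EmailAuthProvider.PROVIDER_ID.equals(info.getProviderId())) {
        return false;
      }
    }
    return true;
  }

  /**
   * On a failed signInWithEmailAndPassword: the same exception covers a wrong password
   * and a removed password, so the UI should only offer a reset, not assume either case.
   */
  public static boolean shouldOfferPasswordReset(Exception e) {
    return e instanceof FirebaseAuthInvalidCredentialsException;
  }

  /** Call only on an explicit user request, so failed logins never trigger mail by themselves. */
  public static void requestPasswordReset(FirebaseAuth auth, String email) {
    auth.sendPasswordResetEmail(email).addOnCompleteListener(task -> {
      if (!task.isSuccessful()) {
        Log.e(TAG, "sendPasswordResetEmail failed", task.getException());
      }
    });
  }

  /** Alternative while signed in with Google: link a new password to the same account. */
  public static void relinkPassword(FirebaseUser user, String email, String newPassword) {
    AuthCredential credential = EmailAuthProvider.getCredential(email, newPassword);
    user.linkWithCredential(credential).addOnCompleteListener(task -> {
      if (!task.isSuccessful()) {
        Log.e(TAG, "linkWithCredential failed", task.getException());
      }
    });
  }
}
```

`passwordCredentialMissing` fits the success branch of `firebaseAuthWithGoogle`, and `shouldOfferPasswordReset` fits the failure branch of `signInEmail` in the question's code.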
