FirebaseAuthInvalidCredentialsException when using "One account per email address"

Problem description

... if you don't allow multiple accounts with the same email address, a user cannot create a new account that signs in using a Google Account with the email address ex@gmail.com if there already is an account that signs in using the email address ex@gmail.com and a password.

I was able to sign in with the Google provider for the same email that was already registered via the Email provider, so the Google provider replaced the Email provider, and the latter then fails to sign in with FirebaseAuthInvalidCredentialsException: The password is invalid or the user does not have a password.

Steps to reproduce:

Sign up with Email provider -> Sign out -> Sign in with Google provider -> Sign out

Basically, it should not allow one provider to be replaced with another, and should throw FirebaseAuthUserCollisionException: The email address is already in use by another account.

Some code that I use for sign in/sign out:

  // Register a new account with the email/password provider.
  public void signUpEmail(String email, String password) {
    mFirebaseAuth.createUserWithEmailAndPassword(email, password)
        .addOnCompleteListener(this, task -> {
          if (!task.isSuccessful()) {
            // Log.e has no (String, Throwable) overload; pass a message and the exception.
            Log.e("signUpWithEmail", "sign-up failed", task.getException());
          }
        });
  }

  // Exchange the Google ID token for a Firebase credential and sign in with it.
  private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
    AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
    mFirebaseAuth.signInWithCredential(credential)
        .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
          @Override public void onComplete(@NonNull Task<AuthResult> task) {
            if (!task.isSuccessful()) {
              Log.e("signInWithCredential", "sign-in failed", task.getException());
            }
          }
        });
  }

  // Sign in with the email/password provider.
  public void signInEmail(String email, String password) {
    mFirebaseAuth.signInWithEmailAndPassword(email, password)
        .addOnCompleteListener(this, task -> {
          if (!task.isSuccessful()) {
            Log.e("signInWithEmail", "sign-in failed", task.getException());
          }
        });
  }

  // Sign out of both the Google session and the Firebase session.
  public void signOut() {
    Auth.GoogleSignInApi.signOut(mGoogleApiClient);
    mFirebaseAuth.signOut();
    startSignInActivity();
  }

Thanks!

Recommended answer

To optimize the login UI steps and enhance account security, Firebase Authentication has a concept of 'trusted provider', where the identity provider is also the email service provider. For example, Google is the trusted provider for @gmail.com addresses, Yahoo is the trusted provider for @yahoo.com addresses, and Microsoft for @outlook.com addresses.

In the "One Account per Email address" mode, Firebase Authentication tries to link accounts based on email address. If a user logs in from a trusted provider, the user immediately signs into the account since we know the user owns the email address.

If there is an existing account with the same email address but created with other credentials (e.g. password or non-trusted provider), the previous credentials are removed for security reasons.

A phisher (who is not the email address owner) might create the initial account - removing the initial credential would prevent the phisher from accessing the account afterwards. The legit user can set up a password by going through the password reset flow, where she would need to prove she owns the email address.
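
One way an app can handle the outcome described in the answer above, as an added example that is not part of the original post or of the Firebase SDK: once a Google sign-in has removed the password credential, the signed-in owner links a new password, and a rejected email sign-in falls back to the password reset flow. The class and method names are hypothetical; the Firebase calls used (`getProviderData`, `linkWithCredential`, `sendPasswordResetEmail`) are the SDK's own.

```java
import com.google.android.gms.tasks.Task;
import com.google.android.gms.tasks.Tasks;
import com.google.firebase.auth.AuthCredential;
import com.google.firebase.auth.AuthResult;
import com.google.firebase.auth.EmailAuthProvider;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
import com.google.firebase.auth.FirebaseUser;
import com.google.firebase.auth.UserInfo;

/** Added example; class and method names are hypothetical, not part of the Firebase SDK. */
public final class PasswordRecovery {
  private PasswordRecovery() {}

  /** True if an email/password credential is still linked to the signed-in account. */
  public static boolean hasPasswordProvider(FirebaseUser user) {
    for (UserInfo info : user.getProviderData()) {
      if (EmailAuthProvider.PROVIDER_ID.equals(info.getProviderId())) {
        return true;
      }
    }
    return false;
  }

  /**
   * Call after a successful Google sign-in. The user has just proven ownership of the
   * address through the trusted provider, so a password they choose now can be linked.
   */
  public static Task<AuthResult> relinkPassword(FirebaseUser user, String newPassword) {
    String email = user.getEmail();
    if (email == null || hasPasswordProvider(user)) {
      return Tasks.forException(new IllegalStateException("no email, or password already linked"));
    }
    AuthCredential credential = EmailAuthProvider.getCredential(email, newPassword);
    return user.linkWithCredential(credential);
  }

  /**
   * Call when the user asks for help after signInWithEmailAndPassword failed. The same
   * exception covers a wrong password and a removed password credential, so both get
   * the same response: a reset mail that only the mailbox owner can complete.
   */
  public static Task<Void> sendResetIfRejected(FirebaseAuth auth, String email, Exception error) {
    if (error instanceof FirebaseAuthInvalidCredentialsException) {
      return auth.sendPasswordResetEmail(email);
    }
    return Tasks.forException(error);
  }
}
```

Treating both failure causes identically avoids telling an unauthenticated caller which providers are linked to a given address.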
