-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent behavior of providers using GoogleProvider() and AppleProvider() #253
Comments
Hi @anxiety24, in your sign in with apple options, do you have |
Hi @danagbemava-nc, thanks for your response. Can you be more specific in what you mean by "...your Sign in with Apple options"? I didn't find this option in the AppleProvider() object, nor in the Apple Developer Portal - identifier configuration for "Sign in with Apple". Or do you mean what was selected by the user while signing in with Apple on the respective UI? (so using the anonymize feature of Sign in with Apple?) If that's the case I can already confirm that this doesn't affect or alter the experienced behavior as I already tested both in order to resolve the issue. |
Yes, I was referring to the anonymizing feature provided by the sign in with apple. How are you handling the Also, do you have email-enumeration-protection enabled? https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection |
email-enumeration-protection is disabled as the project was created way before its introduction. Actually, I'm not handling the SignInScreen(
headerBuilder: (context, constraints, _) {
return Padding(
padding: const EdgeInsets.all(20),
child: AspectRatio(
aspectRatio: 1,
child: Image.asset('assets/images/app_logo.png'),
),
);
},
footerBuilder: (context, action) {
return Padding(
padding: const EdgeInsets.only(top: 16),
child: Text(S.current.account_signup_toc_agreement, style: const TextStyle(color: Colors.grey), textAlign: TextAlign.center),
);
},
//providers: AppUser.providerConfigs,
actions: [
AuthStateChangeAction((context, AuthState state) {
debugPrint("AuthStateChangeAction => $state");
}),
AuthStateChangeAction<SignedIn>((context, state) {
debugPrint("SignedIn");
Navigator.pushReplacementNamed(context, '/');
}),
AuthStateChangeAction<UserCreated>((context, state) {
debugPrint('UserCreated');
Navigator.pushReplacementNamed(context, '/');
}),
AuthStateChangeAction<CredentialLinked>((context, state) {
debugPrint('CredentialLinked');
Navigator.pushReplacementNamed(context, '/');
}),
],
) Additionally, I have a Model listening to changes of the Firebase User object to handle a seamless experience between permanent and anonymous sign in. Don't believe this affects the issue, but maybe of help for completeness: FirebaseAuth.instance
.userChanges()
.listen((User? user) {
debugPrint("userChanged $user");
if (user == null) {
signInAnonymous();
} else {
currentUser = user;
updatePurchases();
updateUserSettings();
}
notifyListeners();
}); Hope this helps understanding the use case and current implementation better! |
Hi @anxiety24, do you have |
Hey @danagbemava-nc, yep that setting is enabled and I already stumbled upon the scenario you're referring to. (and it makes total sense from a security pov) However, that doesn't quite explain the different behavior between the two providers mentioned, as it works perfectly fine using the EmailAuth- and AppleProvider, where the latter is definitely also a trusted provider. To further narrow down the issue, I also tried subclassing the GoogleProvider class and overriding its property Debugging the AuthStateChangeActions while trying to sign in into an existing account linked to the respective provider, the sequence of events is as follows: AppleProvider:
GoogleProvider:
Therefore, there really seem to be differences in the implementation of the providers under the hood when it comes to this scenario. I hope that helps researching this behavior in greater detail |
Thanks for the details. Labeling this for further insight from the team. cc @lesnitsky |
I have the same problem. It looks that merging anonymous account using AppleProvider doesn't work. It works for Google. |
Same here. What did I try:
|
Hi, |
Happy to look into this if someone can provide a full reproduction with steps to take to reproduce. Thanks 🙏 |
@russellwheatley Hi!
|
Same behavior here. Anonymous account gets linked on Google but not on Apple. |
@yoman07 did you find a workaround? @russellwheatley still blocked on customer response? Did you get a repro? |
Hey @georgeselkhoury - still waiting for code reproduction which I can drop into |
Expected Result: Anonymous user is linked to Apple (Just like it does on Google or Email Provider) Actual Result: Anonymous user is not linked and a new user with Apple behavior is created. Is this okay or do you need only code repro? |
I have been digging a bit into the code. I think this is not being called for Apple: There is also fix #288 that @yoman07 has created. Either this or when whenever we initiate it we setup action as Link if we have a logged in user with anonymous true. |
Impact of not fixing this is that we have to rebuild the UI just to support the linking flow for Apple. |
Here is a workaround that worked for me. More inheritance than composition but it works.
I still think this should be fixed though. It has different behavior than Google. I think all Oauth should behave the same. |
@yoman07 has provided a fix for this bug: #288 Could you let me know if this fixes your issue? @anxiety24 @georgeselkhoury |
Is there an existing issue for this?
What plugin is this bug for?
Firebase UI OAuth Google, Firebase UI OAuth Apple
What platform(s) does this bug affect?
Android, iOS
List of dependencies used.
flutter pub deps -s list
Steps to reproduce
Setup the standard SignInScreen of FirebaseUIAuth with successfully configured providers GoogleProvider(clientId:) and AppleProvider() and login the existing user with the signInAnonymously method beforehand.
On the SignInScreen, using the "Sign in with Apple" option, the account is permanently created in the user management and successfully upgraded / linked to the provider. Logging in on another device after that (while being again anonymously logged in before, too) the anonymous login is overwritten in favor of the recently created account, linked with the apple provider.
However, trying the same using the GoogleProvider, the behavior seems to differ and I hope someone can either explain this behavior to me or look into the issue.
Expected Behavior
It is expected that the GoogleProvider works exactly the same as the AppleProvider in case of Sign-up, linking and especially signing in again on a different device using the same credentials.
Actual Behavior
Signing in with the GoogleProvider on another device leads to an "credentials-already-in-use" error of the framework, indicating that the credentials belong to another account and therefore cannot be linked to another (anonymous) user.
In contrast to AppleProvider, the GoogleProvider doesn't seem to recognize that the user tries to sign-in with existing credentials, so it seems impossible to sign-in with GoogleProvider like it is with AppleProvider.
Same holds true if you log out of your existing account, being automatically logged in anonymously again immediately by the app, then trying to sign-in using the same credentials used some minutes ago.
Additional Information
No response
The text was updated successfully, but these errors were encountered: