Incorrect example in documentation around linking accounts?


s

Mar 18, 2020, 3:49:05 PM
to Firebase Google Group
When linking credentials to a user account as described here - the Firebase team’s example seems to be incorrect:

// Get reference to the currently signed-in user
var prevUser = auth.currentUser;
// Sign in user with another account
auth.signInWithCredential(credential).then(function(user) {
  console.log("Sign In Success", user);
  var currentUser = user;
  // Merge prevUser and currentUser data stored in Firebase.
  // Note: How you handle this is specific to your application

  // After data is migrated delete the duplicate user
  return user.delete().then(function() {
    // Link the OAuth Credential to original account
    return prevUser.linkWithCredential(credential);
  }).then(function() {
    // Sign in with the newly linked credential
    return auth.signInWithCredential(credential);
  });
}).catch(function(error) {
  console.log("Sign In Error", error);
});


For one, the user variable in the line:

return user.delete().then(function() {

does not have a .delete function, it would need to be user.user.delete()

& in this example they suggest:

// Merge prevUser and currentUser data stored in Firebase

which in this auth context (& assuming basic security rules enabled) would mean you would only have access to currentUser’s storage, but then they delete the current user & link the credential to the previous user. In other words you would only be able to merge the previous user’s data into the current user’s storage, however the current user is deleted & no longer accessible.

So I’d just like a sanity check here that this example is indeed a flawed approach!
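
The access problem raised in the post above, as an added example that is not part of the thread or of the Firebase documentation. It uses a constructed in-memory store with an owner-only rule instead of the Firebase SDK; `OwnerOnlyStore`, `signIn`, `demoStore` and the uids are hypothetical names, and the second ordering is one possible approach, not the corrected official sample.

```javascript
// Constructed stand-ins, not the Firebase SDK: `session.uid` is the signed-in
// user and the store applies an owner-only rule to every read and write.
class OwnerOnlyStore {
  constructor(session, docs) {
    this.session = session;
    this.docs = new Map(Object.entries(docs));
  }
  assertOwner(uid) {
    if (this.session.uid !== uid) throw new Error("permission-denied: users/" + uid);
  }
  get(uid) { this.assertOwner(uid); return this.docs.get(uid) || {}; }
  set(uid, data) { this.assertOwner(uid); this.docs.set(uid, data); }
  delete(uid) { this.assertOwner(uid); this.docs.delete(uid); }
}

// Hypothetical sign-in: replaces the session, or throws and leaves it unchanged.
function signIn(session, uid, fail) {
  if (fail) throw new Error("auth/sign-in-failed");
  session.uid = uid;
}

// Ordering of the quoted sample: switch accounts first, merge afterwards.
function mergeAfterSignIn(session, store, prevUid, newUid) {
  signIn(session, newUid, false);
  const prevData = store.get(prevUid); // throws: the session is now newUid
  store.set(newUid, { ...prevData, ...store.get(newUid) });
}

// Read and remove prevUid's data while still signed in as prevUid, then sign
// in and write the merge to the surviving account. If sign-in fails the
// session is still prevUid, so the removed data can be written back.
function mergeBeforeSignIn(session, store, prevUid, newUid, failSignIn = false) {
  const prevData = store.get(prevUid);
  store.delete(prevUid);
  try {
    signIn(session, newUid, failSignIn);
  } catch (err) {
    store.set(prevUid, prevData); // rollback under the old session
    throw err;
  }
  store.set(newUid, { ...prevData, ...store.get(newUid) }); // newUid wins conflicts
  return store.get(newUid);
}

// Constructed sample data: an anonymous user's cart and an existing account.
function demoStore(session) {
  return new OwnerOnlyStore(session, { anon1: { cart: ["a"] }, perm1: { name: "S" } });
}
```
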

Sam Stern

Mar 18, 2020, 3:54:17 PM
to Firebase Google Group
Hi Steven,

Yes you are right.  There is a syntax error in this example as well as a more fundamental flaw in the approach that you pointed out.  I will get this sample updated, thank you for catching it.

- Sam

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/b63a5be1-95c0-4b62-ac51-0d564ee2e9bd%40googlegroups.com.

s

Mar 18, 2020, 6:12:31 PM
to Firebase Google Group
Thanks Sam, I appreciate the confirmation! Looking forward to the corrected sample as it seems data from the previous user will need to be deleted before the user's other account is signed in & merged which feels a bit risky.




Sam Stern

Mar 20, 2020, 7:37:08 PM
to Firebase Google Group
Hi Steven,

I went and updated all the snippets on this page:
https://firebase.google.com/docs/auth/web/account-linking

I tried to make them realistic while also keeping them brief.  They're now on GitHub (as opposed to being hardcoded) so if you think they're still not right feel free to click the link in the lower-right corner of any snippet and send me your edits!

- Sam


s

Mar 21, 2020, 10:37:11 AM
to Firebase Google Group
Hey Sam,

line 128 I believe should be:

repo.delete(prevUserData);

line 153 I don't think is needed or works as it's out of scope

line 140 & the chained logic I'm unsure of. I'm approaching differently since I'm only going from anonymous to permanent & I don't need the anonymous account anymore at this point so I delete it & merge data into the signed in account.

I know you're keeping it brief but I think this could fail if the linked account is already linked so might at least want a note about it 🤷‍♂️ Also I haven't tried in this context, but once you've linked the credential can't you just merge w/out signing in again?

Lmk if I can assist further.
Steven
