'Firebase removes user details and allow user to sign in with un-linked account after updating email
When the user signs up in my app with Facebook and later updates their email to a Gmail (without linking it to Google, only verifying it) the user suddenly now can sign in by using the Google provider, and when it happens the name and picture are swapped for the details that belong to the Google account. The account is also now suddenly linked to Google. Shouldn't the user not be allowed to sign in with the Google provider unless I link the Facebook account to the Google provider?
And I also noticed when the user signs up with Apple and Google the email is automatically verified even though the user hasn't verified their email, this did not happen when I signed up with Facebook.
Solution 1:[1]
For anyone stuck on the same issue, having Auth.auth().fetchSignInMethods(forEmail: email) to check the users email when the user try to sign in with their unlinked gmail did the job.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | vebbis |