Developer Error on login with existing email/password after email/link enabled

[hermannpoilpre]

Environment

• Android device: Google Pixel 3
• Android OS version: Android 10
• Google Play Services version: 20.04.12
• Firebase/Play Services SDK version: 17.0.0
• FirebaseUI version: 6.2.0

Description

Our application actually uses email/password authentication. We want to use email/link. Email/link authentication works fine with new users. With an already existing user who used to log with email/password, we get a "Developer Error" after validating their email.

ProviderUtils.fetchSortedProvider compares providers link to user email (password) and providers enabled by the app (emailing, google, facebook)

email/link or password are considered as a provider instead of a method of Email provider as Firebase documentation suggest https://firebase.google.com/docs/auth/android/email-link-auth#differentiating_emailpassword_from_email_link

Steps to reproduce:

1. Enable passwordless login in Firebase console
2. Log in with an existing user email formerly authenticated with email/password method

Observed Results:

"Developer Error" Toast displayed

Stacktrace :

2020-02-10 14:51:24.021 15237-15237/com.appy.lotteryapp E/AuthUI: A sign-in error occurred.
    com.firebase.ui.auth.FirebaseUiException: Developer error
        at com.firebase.ui.auth.ui.email.EmailActivity.finishOnDeveloperError(EmailActivity.java:210)
        at com.firebase.ui.auth.ui.email.EmailActivity.onDeveloperFailure(EmailActivity.java:205)
        at com.firebase.ui.auth.ui.email.CheckEmailFragment$1.onFailure(CheckEmailFragment.java:151)
        at com.firebase.ui.auth.viewmodel.ResourceObserver.onChanged(ResourceObserver.java:80)
        at com.firebase.ui.auth.viewmodel.ResourceObserver.onChanged(ResourceObserver.java:19)
        at androidx.lifecycle.LiveData.considerNotify(LiveData.java:131)
        at androidx.lifecycle.LiveData.dispatchingValue(LiveData.java:149)
        at androidx.lifecycle.LiveData.setValue(LiveData.java:307)
        at androidx.lifecycle.MutableLiveData.setValue(MutableLiveData.java:50)
        at com.firebase.ui.auth.viewmodel.OperableViewModel.setResult(OperableViewModel.java:25)
        at com.firebase.ui.auth.ui.email.CheckEmailHandler.access$100(CheckEmailHandler.java:22)
        at com.firebase.ui.auth.ui.email.CheckEmailHandler$1.onComplete(CheckEmailHandler.java:45)
        at com.google.android.gms.tasks.zzj.run(Unknown Source:4)
        at android.os.Handler.handleCallback(Handler.java:883)
        at android.os.Handler.dispatchMessage(Handler.java:100)
        at android.os.Looper.loop(Looper.java:214)
        at android.app.ActivityThread.main(ActivityThread.java:7356)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)

Expected Results:

Password screen must be displayed or an email must be send to login via a link

Relevant Code:

val actionCodeSettings = ActionCodeSettings.newBuilder()
          .setHandleCodeInApp(true)
          .setAndroidPackageName(
              BuildConfig.APPLICATION_ID, 
              true,
              EMAIL_LINK_MIN_APP_VERSION)
          .setIOSBundleId(BuildConfig.APPLICATION_ID)
          .setUrl(EMAIL_LINK_URL)
          .setDynamicLinkDomain(EMAIL_LINK_DOMAIN)
          .build()

      val providers = arrayListOf(
          AuthUI.IdpConfig.EmailBuilder()
              .enableEmailLinkSignIn()
              .setActionCodeSettings(actionCodeSettings)
              .setAllowNewAccounts(true)
              .build(),
          AuthUI.IdpConfig.GoogleBuilder().build(),
          AuthUI.IdpConfig.FacebookBuilder().build()
       )

val intent = AuthUI.getInstance()
          .createSignInIntentBuilder()
          .setAvailableProviders(providers)
          .setTheme(R.style.AppTheme)
          .setIsSmartLockEnabled(false)
          .build()

startActivityForResult(intent, REQUEST_CODE_FIREBASE_AUTH)

[samtstern]

@lsirac before I dig into this can you confirm what the expected behavior would be if I try to sign in with Email Link for a user that was previously authenticated with Email/Password? That should work, right?

[lsirac]

Unfortunately this is WAI. We don't allow developers to allow both email/password and email/link. If you allow email/link, email/password will not be a supported sign-in method, and previous users using email/password won't be able to sign in.

[samtstern]

Thanks for clarifying @lsirac, closing as this is not a FirebaseUI issue.

@hermannpoilpre if you want to voice your support for a change in the Firebase Auth behavior, file a feature request here: https://firebase.google.com/support

[hermannpoilpre]

Understood, but iOS version of Firebase Auth UI works as intended : a user authenticated with password can still login with his password after enabling email/link settings. Contrary to Android version of Firebase Auth UI. So in my opinion, it is an Android Firebase Auth UI issue.

[samtstern]

@hermannpoilpre thanks for confirming this works differently on iOS (I don't use iOS often). I will consider this a feature request.

[theHilikus]

I'm having the same issue, may i suggest a more explicit error message as well. It's hard to get to this ticket from "Developer error"

Also, If this is by design and you can't mix and match, can you provide a recommendation on how to properly transition existing users from email/password to email/link? in other words, how to roll it out.

Thank you

[hermannpoilpre]

It's not the same problem. Actually I use setAllowNewAccounts(true) in my EmailBuilder :

[ishaansrm]

No workaround? Looks like I will have to revert all link change and go back to password auth for now 😓