Firebase Auth saving users without identifier with OIDC
I am currently able to register new users with Firebase Auth and an OIDC provider (OP from now on). That means the user sees the pop-up for login and, after successful login, a new user appears in Firebase Authentication.
However, the new users are missing the identifier (which I would expect to be the email address):
When using the email scope, the OP is providing the email and email_verified claims as part of the userinfo response, but I'm guessing Firebase is trying to read the email address in a different way.
Is there a way to know which field(s)/scopes is Firebase using/expecting to read in order to set the email as the new user's identifier with OIDC? So that:
- I can ask the OP to update their configuration/response accordingly and allow Firebase to store the email address as identifier.
- Or update some configuration client-side to tell Firebase to use the available claims using the userinfo endpoint.
I contacted Firebase support and they clarified that Firebase needs those claims both:
- In the userinfo endpoint.
- In the ID token.
So basically, it is not enough to have them included in the userinfo response. OP needs to add the claims in the ID token for Firebase to use the email address as the identifier in the Authentication users list.
Example of an ID token that would work properly with Firebase:
{
iss: 'https://www.provider.com',
aud: 'audience',
iat: 12345,
exp: 123456,
sub: 'UserID0001',
name: 'Jane Doe',
given_name: 'Jane',
family_name: 'Doe',
preferred_username: 'j.doe',
picture: 'http://example.com/janedoe/me.jpg'
email: '[email protected]', // This claim is expected
email_verified: 'true' // This claim is expected
}
The userinfo endpoint is also required to return the same claims (and according to Firebase support they need to match with the ID token):
{
name: 'Jane Doe',
given_name: 'Jane',
family_name: 'Doe',
preferred_username: 'j.doe',
picture: 'http://example.com/janedoe/me.jpg'
email: '[email protected]', // This claim is expected
email_verified: 'true' // This claim is expected
}
- Flutter Firebase and Android issue - unable to initialise. Cannot find google-services.json with latest (sept 2020) migration instructions executed
- FirebaseCommandException: An error occured on the Firebase CLI when attempting to run a command
- Implement push notification firebase
- Firebase Firestore: Accessing Never-Retrieved Data Offline
- What are the Password and Email Validation Rules for Firebase's Password-Based Accounts?
- Sending Firebase message to topic to same user on multiple devices
- When I test the app, it says both mail and password are incorrect, even though I only entered the mail part incorrectly
- Feature Unavailable: facebook login is currently unavailable for this app since we are updating additional details for this app. Please Try again
- Why is the Firebase Realtime Database's data appearing as null in the console?
- `FirebaseInstallations` requires CocoaPods version `>= 1.12.0`, Build failed: Your project requires a newer version of CocoaPods
- Flutter firebase connect to emulator from real device
- updating firestore document multiple times from event trigger function overwrites or stops updating after few triggers
- How to reconcile Firebase Auth token refreshing with Server-Side Rendering
- How to delete a created firestore database.?
- Firebase throws "Given sign-in provider is disabled for this project" error when I try to sign up user via app but able to add user via console
- Firebase deploy failed even without changing the function from onCallable to onRequest
- Firebase App Check error in Flutter's Android Release Builds
- Genkit using retriever context and tools causes error
- Not able to verify squarespace domain for non-www-prefixed url in firebase
- Firebase Auth saving users without identifier with OIDC
- Firebase Admin SDK cant upload to storage bucket folder
- Accessing Firestore via Cloud Function
- Problem with executing asynchronous Cloud Function
- do you need to create a separate collection/document for reading an aggregated document with firebase cloud function
- httpsCallable is not a function when calling a Firebase function
- Requests for referrer are blocked when trying to sign in anonymously to Firebase
- Error: Text strings must be rendered within a <Text> component in React Native when string is not empty
- Android Studio's project gradle file changed?
- Cannot display Data from my layout viewBinding
- How to send one to one message using Firebase Messaging