Search code examples
iosfirebasefirebase-authenticationgoogle-signin

Firebase iOS, how to detect a user previously signed up through Google when trying to register using Google?


I can do this with Sign in with Apple, but I don't seem to be able to do this for Google:

I want to make sure that if a user selects "Sign Up with Google" they can only use it if no Google account exists on our side in Firebase Auth. If it exists it should show them their account already exists and ask them to use the "Sign In" button.

I see no way of doing this. I tried the below using fetchSignInMethods, but not only is it deprecated, it also returns google.com when a new user signs up.

    private func authWithGoogle(isLogin: Bool) {
        guard let clientID = FirebaseApp.app()?.options.clientID else { return }

        let config = GIDConfiguration(clientID: clientID)

        GIDSignIn.sharedInstance.configuration = config
        // Start the sign in flow!
        GIDSignIn.sharedInstance.signIn(withPresenting: rootViewController) { [weak self] signinResult, error in
            guard let self = self else { return }

            if let error = error {
                let nsError = error as NSError
                if nsError.code == -5 {
                    return
                }
                
                self.handleAuthError(error)
                return
            }

            guard
                let user = signinResult?.user,
                let idToken = user.idToken?.tokenString else {
                    self.error(NSError.genericErrorMessage)
                    return
            }

            let accessToken = user.accessToken.tokenString

            let credential = GoogleAuthProvider.credential(
                withIDToken: idToken,
                accessToken: accessToken
            )
            
            guard let email = user.profile?.email else {
                self.error(NSError.genericErrorMessage)
                return
            }
                    
            Auth.auth().fetchSignInMethods(forEmail: email) { (methods, error) in
                print("\(methods!)")
                if isLogin {
                    self.loginUserWithCredential(credential, completion: nil)
                } else {
                    Auth.auth().signIn(with: credential) { authResult, error in
                        if let error = error {
                            self.handleAuthError(error)
                            return
                        }

                        self.finished(user: authResult!.user, isLogin: false)
                    }
                }
            }
        }
    }

Solution

  • This used to be possible in Firebase Authentication by calling the fetchProvidersForEmail method. Unfortunately this method was deprecated when Firebase defaulted to enabling its protection against email enumeration attacks on new projects in late 2023.

    Since then you can either explicitly disable the protection, or (better) you will have to track the sign-in methods of your users yourself. It'd be pretty similar to the data Firebase used to expose, so be sure to protect again email enumeration attacks yourself too.

    For an example of what Firebase exposes in this API, see this signature of the REST API call.