I've set up Firebase Authentication for my app with an OIDC provider. In this OIDC provider, the email address isn't required to be unique. For instance, users from the same company could share their company's email address. When I log in to the app through Firebase Authentication however, Firebase uses the email as the "identifier". This means that a different user with the same email ends up sharing the same Firebase Authentication user.
Is it possible to tell Firebase Authentication to use something else as the identifier (e.g. the "sub")?
Alternatively, could there be any additional setup I need to do in our OIDC provider to signal to Firebase what it should use as an identifier? The provider uses ASP.NET Identity + OpenIddict.
Thanks.
I fixed this by passing a custom scope from my clients that use Firebase Auth.
The OIDC provider then looks for that scope and, when it is present, it does not provide the email claim. This seems to trigger Firebase Auth to use the name claim instead, which in my case is sufficiently unique.
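An added example, not part of the original posts and not Firebase or OpenIddict code: a small check that models the provider-side claim filter described in the answer and reports which subjects would end up sharing one account. The scope name `no_email`, the sample directory, the case and whitespace normalisation, and the "email if present, otherwise name" rule (taken from what the answer observed) are all assumptions.

```python
from collections import defaultdict

# Hypothetical scope name; the post does not say what the custom scope is called.
CUSTOM_SCOPE = "no_email"

# Constructed sample directory: two users share a company mailbox, and two
# display names differ only by case and trailing whitespace.
USERS = [
    {"sub": "u-1001", "name": "alice.k", "email": "info@example.com"},
    {"sub": "u-1002", "name": "bob.t", "email": "info@example.com"},
    {"sub": "u-1003", "name": "Alice.K ", "email": "alice@example.org"},
]


def id_token_claims(user, scopes):
    """Provider side: leave out the email claim when the custom scope is requested."""
    claims = {"sub": user["sub"], "name": user["name"]}
    if "email" in scopes and CUSTOM_SCOPE not in scopes:
        claims["email"] = user["email"]
    return claims


def rp_identifier(claims):
    """Assumed relying-party rule: key on email if present, otherwise on name.

    Values are trimmed and case-folded so near-duplicates count as collisions
    (a deliberately conservative assumption).
    """
    value = claims.get("email") or claims["name"]
    return value.strip().casefold()


def collisions(users, scopes):
    """Return {identifier: [subs]} for identifiers shared by more than one subject."""
    seen = defaultdict(set)
    for user in users:
        seen[rp_identifier(id_token_claims(user, scopes))].add(user["sub"])
    return {ident: sorted(subs) for ident, subs in seen.items() if len(subs) > 1}


if __name__ == "__main__":
    print("email in token:", collisions(USERS, {"openid", "email"}))
    print("custom scope  :", collisions(USERS, {"openid", "email", CUSTOM_SCOPE}))
```

Running the same grouping over a real user export shows whether the fallback claim is unique before relying on it; `sub` is the only claim the OIDC specification guarantees to be unique per issuer.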