Trying to log in with Email+Password when already logged in with OAuth previously only shows "Incorrect password"

[bezysoftware]

"Link accounts that use the same email" is turned on.

In v7:

1. Users logs in for the first time with OAuth provider (e.g. Google)
2. They sign out and next time they mistakenly try to log in with Email+Password
3. They get "Password Incorrect"

This is a different behavior than in v6, where they would get this dialog:

This helps users a lot to identify how they previously logged in when they forget. Looking at the network calls:

v6 calls https://identitytoolkit.googleapis.com/v1/accounts:createAuthUri (without password in payload, only email) which replies with

{
  "kind": "identitytoolkit#CreateAuthUriResponse",
  "allProviders": [ "google.com"  ],
  "signinMethods": [ "google.com"  ]
}

v7 calls https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword (with password & email in payload) and receives

{
  "error": {
    "code": 400,
    "message": "INVALID_PASSWORD",
    "errors": [
      {
        "message": "INVALID_PASSWORD",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

Can we bring back the previous behavior to help users identify how they previously logged in?

[russellwheatley]

Hey @bezysoftware - Those API calls are internal to the firebase-js-sdk. As mentioned in this issue: #1308 (comment), getting providers associated with an email relies on a deprecated firebase auth API, namely fetchSignInMethodsForEmail(). We can't use that anymore, as it'll likely return an empty array in the future.

The best we can aim for is something like -a pop-up with option of trying different provider or attempt another password again?

[ashishyk018-byte]

This makes sense. If an account was originally created via OAuth and has no
password set, attempting Email+Password login should first check the available
sign-in methods for the email and surface a helpful message (as v6 did),
instead of directly returning “Incorrect password”. Happy to explore a fix.

[bezysoftware]

Yes, a more user friendly message is certainly an improvement. It will reduce the number of support tickets from users 🙂

[ashishyk018-byte]

Great, thanks! I’ll look into implementing this and follow up with a PR.

[ashishyk018-byte]

If it makes sense to discuss this live, do you have a preferred Discord or
other channel for contributor discussions? Happy to keep everything here if
you prefer.

[russellwheatley]

@bezysoftware - yes, at a minimum, there should be better feedback to the user in this scenario. I'll see what is possible for this issue 🙏