There are two methods a user can sign in via email: “emailLink” and “password” (see https://firebase.google.com/docs/auth/web/email-link-auth#differentiating_emailpassword_from_email_link)
I want to give my users the option to switch between these two methods. However, I did not find any documentation to how I could unlink an email sign-in method (e.g. password).
As far as I understood, you can only unlink a sign-in method when the user has multiple provider IDs, but email-link and password share the same providerId (strangely emailLink providerID is called “password”).
Thanks for your help!
Advertisement
Answer
EDIT
When switching from emailLink to password, a major flaw with the solution below is that after the switch the email won’t be verified anymore. So in this case, it is better to call updatePassword. This will result the user having two email sign ins, “password” and “emailLink” (as returned by fetchSignInMethodsForEmail). When the user switches back to “emailLink”, you can use the solution below and the result of fetchSignInMethodsForEmail will only include “emailLink”.
So I found the solution: If you switch from emailLink to password, you simply use the following:
// 1) get credential from use input const credential = EmailAuthProvider.credential(email, newPassword) // 2) unlink email link authentication // https://firebase.google.com/docs/auth/web/account-linking#unlink-an-auth-provider-from-a-user-account const newUser = await unlink(currentUser, "password") // 3) link with new credential const userCredential = await linkWithCredential(newUser, credential)
Now, if we want to switch back from password to emailLink, we first have to send the client an email containing the sign in link. Once the user clicks on the sign in link, we again create the credential and proceed in the same manner.
Note that if there goes something wrong between step 2 and 3, the user is pretty much screwed and we have to take special care of that scenario.