Does Firebase create accounts for all authentication types?

Question

Email registrations are seen as a new record under the Simple Login → Email tab in our forge.

But what happens when a user Signs In using one of the OAuth2 logins like Facebook or Google?

Take the example right off the site and apply multiple contexts to it:

{
  "rules": {
    ".read": true,
    "comments": {
      "$comment": {
        ".write": "auth != null",
        ".validate": "auth.id == newData.child('userid').val() && newData.hasChildren(['userid', 'body']) && newData.child('body').isString()"
      }
    }
  }
}

• If a user logs in with a Facebook account will Firebase create a new auth record and scope security rules in the same context as an Email/Password login?

• If so are those registrations viewable in the same way as our Email auth type? Do you perform operations on those records like (delete) in the same way?

• What would be the best way to scheme a master userId collection that enables a user to tie multiple account types together? (Facebook, Google, and Email all tied together)

Answer 1

Keep in mind that "creating a user" in that console (and in Firebase Simple Loign email / password auth. in general) only generates a new mapping between an email address and a password, and gives that account a unique, auto-incrementing id.

Firebase Simple Login will not automatically store any data in your Firebase, though upon login, it will automatically generate a new Firebase auth. token against which you may write security rules making use of the auth variable.

Login methods using any other provider currently store no data, though in the future there may be more functionality there. Logging in with Facebook / Google / etc. will also fetch a bunch of useful user metadata and send it down to the client, in addition to creating a Firebase auth. token for use in security rules. To see the contents of the auth variable across all providers, see the 'After Authenticating' section on each of the Simple Login Providers docs pages, for example: Facebook. There is no notion of a delete for any provider except for the email / password provider.

If you'd like to have user accounts that are linked to multiple social credentials, it can be done, though it is a little clunky (and manual) at present. See How can I login with multiple social services with Firebase? for a thorough walkthrough.