Authenticate Using Google Sign-In with JavaScript

Handling account-exists-with-different-credential Errors

If you enabled the One account per email address setting in the Firebase console, when a user tries to sign in a to a provider (such as Google) with an email that already exists for another Firebase user's provider (such as Facebook), the error auth/account-exists-with-different-credential is thrown along with an AuthCredential object (Google ID token). To complete the sign in to the intended provider, the user has to sign first to the existing provider (Facebook) and then link to the former AuthCredential (Google ID token).

Popup mode

If you use signInWithPopup, you can handle auth/account-exists-with-different-credential errors with code like the following example:

// Step 1.
// User tries to sign in to Google.
auth.signInWithPopup(new firebase.auth.GoogleAuthProvider()).catch(function(error) {
  // An error happened.
  if (error.code === 'auth/account-exists-with-different-credential') {
    // Step 2.
    // User's email already exists.
    // The pending Google credential.
    var pendingCred = error.credential;
    // The provider account's email address.
    var email = error.email;
    // Get sign-in methods for this email.
    auth.fetchSignInMethodsForEmail(email).then(function(methods) {
      // Step 3.
      // If the user has several sign-in methods,
      // the first method in the list will be the "recommended" method to use.
      if (methods[0] === 'password') {
        // Asks the user their password.
        // In real scenario, you should handle this asynchronously.
        var password = promptUserForPassword(); // TODO: implement promptUserForPassword.
        auth.signInWithEmailAndPassword(email, password).then(function(result) {
          // Step 4a.
          return result.user.linkWithCredential(pendingCred);
        }).then(function() {
          // Google account successfully linked to the existing Firebase user.
          goToApp();
        });
        return;
      }
      // All the other cases are external providers.
      // Construct provider object for that provider.
      // TODO: implement getProviderForProviderId.
      var provider = getProviderForProviderId(methods[0]);
      // At this point, you should let the user know that they already has an account
      // but with a different provider, and let them validate the fact they want to
      // sign in with this provider.
      // Sign in to provider. Note: browsers usually block popup triggered asynchronously,
      // so in real scenario you should ask the user to click on a "continue" button
      // that will trigger the signInWithPopup.
      auth.signInWithPopup(provider).then(function(result) {
        // Remember that the user may have signed in with an account that has a different email
        // address than the first one. This can happen as Firebase doesn't control the provider's
        // sign in flow and the user is free to login using whichever account they own.
        // Step 4b.
        // Link to Google credential.
        // As we have access to the pending credential, we can directly call the link method.
        result.user.linkAndRetrieveDataWithCredential(pendingCred).then(function(usercred) {
          // Google account successfully linked to the existing Firebase user.
          goToApp();
        });
      });
    });
  }
});

Redirect mode

This error is handled in a similar way in the redirect mode, with the difference that the pending credential has to be cached between page redirects (for example, using session storage).

Advanced: Handle the sign-in flow manually

You can also authenticate with Firebase using a Google Account by handling the sign-in flow with the Google Sign-In SDK:

1. Integrate Google Sign-In into your app by following the integration guide. Be sure to configure Google Sign-In with the Google Client ID generated for your Firebase project. You can find your project's Google Client ID in your Project's Developers Console Credentials page. Then replace:

   <!-- **********************************************
        * TODO(DEVELOPER): Use your Client ID below. *
        ********************************************** -->
   <meta name="google-signin-client_id" content="YOUR_CLIENT_ID">
   <meta name="google-signin-cookiepolicy" content="single_host_origin">
   <meta name="google-signin-scope" content="profile email">

   After you integrate Google Sign-In, your web page has a Google Sign-In button configured with a callback function, as in the following example:

   <div class="g-signin2" data-onsuccess="onSignIn" data-theme="dark"></div>

2. In the sign-in button's result callback, exchange the ID token from the Google's auth response for a Firebase credential and sign-in Firebase:

   Web v8

   function onSignIn(googleUser) {
     console.log('Google Auth Response', googleUser);
     // We need to register an Observer on Firebase Auth to make sure auth is initialized.
     var unsubscribe = firebase.auth().onAuthStateChanged((firebaseUser) => {
       unsubscribe();
       // Check if we are already signed-in Firebase with the correct user.
       if (!isUserEqual(googleUser, firebaseUser)) {
         // Build Firebase credential with the Google ID token.
         var credential = firebase.auth.GoogleAuthProvider.credential(
             googleUser.getAuthResponse().id_token);
   
         // Sign in with credential from the Google user.
         firebase.auth().signInWithCredential(credential).catch((error) => {
           // Handle Errors here.
           var errorCode = error.code;
           var errorMessage = error.message;
           // The email of the user's account used.
           var email = error.email;
           // The firebase.auth.AuthCredential type that was used.
           var credential = error.credential;
           // ...
         });
       } else {
         console.log('User already signed-in Firebase.');
       }
     });
   }
   google-signin.js

   Web v9

   import { getAuth, onAuthStateChanged, signInWithCredential, GoogleAuthProvider } from "firebase/auth";
   const auth = getAuth();
   
   function onSignIn(googleUser) {
     console.log('Google Auth Response', googleUser);
     // We need to register an Observer on Firebase Auth to make sure auth is initialized.
     const unsubscribe = onAuthStateChanged(auth, (firebaseUser) => {
       unsubscribe();
       // Check if we are already signed-in Firebase with the correct user.
       if (!isUserEqual(googleUser, firebaseUser)) {
         // Build Firebase credential with the Google ID token.
         const credential = GoogleAuthProvider.credential(
             googleUser.getAuthResponse().id_token);
   
         // Sign in with credential from the Google user.
         signInWithCredential(auth, credential).catch((error) => {
           // Handle Errors here.
           const errorCode = error.code;
           const errorMessage = error.message;
           // The email of the user's account used.
           const email = error.email;
           // The credential that was used.
           const credential = GoogleAuthProvider.credentialFromError(error);
           // ...
         });
       } else {
         console.log('User already signed-in Firebase.');
       }
     });
   }
   auth_google_callback.js

   This is also where you can catch and handle errors. For a list of error codes have a look at the Auth Reference Docs.
3. Also you should check that the Google user is not already signed-in Firebase to avoid un-needed re-auth:

   Web v8

   function isUserEqual(googleUser, firebaseUser) {
     if (firebaseUser) {
       var providerData = firebaseUser.providerData;
       for (var i = 0; i < providerData.length; i++) {
         if (providerData[i].providerId === firebase.auth.GoogleAuthProvider.PROVIDER_ID &&
             providerData[i].uid === googleUser.getBasicProfile().getId()) {
           // We don't need to reauth the Firebase connection.
           return true;
         }
       }
     }
     return false;
   }
   google-signin.js

   Web v9

   import { GoogleAuthProvider } from "firebase/auth";
   
   function isUserEqual(googleUser, firebaseUser) {
     if (firebaseUser) {
       const providerData = firebaseUser.providerData;
       for (let i = 0; i < providerData.length; i++) {
         if (providerData[i].providerId === GoogleAuthProvider.PROVIDER_ID &&
             providerData[i].uid === googleUser.getBasicProfile().getId()) {
           // We don't need to reauth the Firebase connection.
           return true;
         }
       }
     }
     return false;
   }
   auth_google_checksameuser.js

Advanced: Authenticate with Firebase in Node.js

To authenticate with Firebase in a Node.js application:

1. Sign in the user with their Google Account and get the user's Google ID token. You can accomplish this in several ways. For example:
   • If your app has a browser front end, use Google Sign-In as described in the Handle the sign-in flow manually section. Get the Google ID token from the auth response:

     var id_token = googleUser.getAuthResponse().id_token

     Then, send this token to your Node.js app.
   • If your app runs on a device with limited input capabilities, such as a TV, you can use the Google Sign-In for TVs and Devices flow.
2. After you get the user's Google ID token, use it to build a Credential object and then sign in the user with the credential:

   Web v8

   // Build Firebase credential with the Google ID token.
   var credential = firebase.auth.GoogleAuthProvider.credential(id_token);
   
   // Sign in with credential from the Google user.
   firebase.auth().signInWithCredential(credential).catch((error) => {
     // Handle Errors here.
     var errorCode = error.code;
     var errorMessage = error.message;
     // The email of the user's account used.
     var email = error.email;
     // The firebase.auth.AuthCredential type that was used.
     var credential = error.credential;
     // ...
   });
   google-signin.js

   Web v9

   import { getAuth, signInWithCredential, GoogleAuthProvider } from "firebase/auth";
   
   // Build Firebase credential with the Google ID token.
   const credential = GoogleAuthProvider.credential(id_token);
   
   // Sign in with credential from the Google user.
   const auth = getAuth();
   signInWithCredential(auth, credential).catch((error) => {
     // Handle Errors here.
     const errorCode = error.code;
     const errorMessage = error.message;
     // The email of the user's account used.
     const email = error.email;
     // The AuthCredential type that was used.
     const credential = GoogleAuthProvider.credentialFromError(error);
     // ...
   });
   auth_google_build_signin.js

Customizing the redirect domain for Google sign-in

On project creation, Firebase will provision a unique subdomain for your project: https://my-app-12345.firebaseapp.com.

This will also be used as the redirect mechanism for OAuth sign in. That domain would need to be allowed for all supported OAuth providers. However, this means that users may see that domain while signing in to Google before redirecting back to the application: Continue to: https://my-app-12345.firebaseapp.com.

To avoid displaying your subdomain, you can set up a custom domain with Firebase Hosting:

1. Follow steps 1 through 3 in Set up your domain for Hosting. When you verify your domain ownership, Hosting provisions an SSL certificate for your custom domain.
2. Add your custom domain to the list of authorized domains in the Firebase console: auth.custom.domain.com.
3. In the Google developer console or OAuth setup page, whitelist the URL of the redirect page, which will be accessible on your custom domain: https://auth.custom.domain.com/__/auth/handler.
4. When you initialize the JavaScript library, specify your custom domain with the authDomain field:

   var config = {
     apiKey: '...',
     // Changed from 'my-app-12345.firebaseapp.com'.
     authDomain: 'auth.custom.domain.com',
     databaseURL: 'https://my-app-12345.firebaseio.com',
     projectId: 'my-app-12345',
     storageBucket: 'my-app-12345.appspot.com',
     messagingSenderId: '1234567890'
   };
   firebase.initializeApp(config);