Forum Academy Marketplace Showcase Pricing Features

Is the official Google login/signup plugin broken or am I going crazy?

I can login in development version but not in live version. In live I get the error “this email is already in use”. I’ve used this same email / workflow combo to login to both my dev and live environments many times. Have not made any workflow or plugin config changes that would cause this.

image

Go to the live DB, and in users, check if a user with that email already exists (perhaps through a previous/test Bubble standard email sign-up).

@deadpoetnsp, thanks for the reply. Sorry for my delayed reply.

There is definitely a user with that email in the live version. Should that matter?

  1. The Google plugin has a signup / login workflow action. There are not separate login / signup workflows.
  2. I’ve both signed up and logged in with this email using the Google plugin previously. I do not believe I’ve changed any workflows since then.
  3. I’m able to log existing users in using this workflow in the development version.

Here’s the workflow showing that the workflow action is the same for login / signup.

It matters. For OAuth (Google, FB, etc) there is no distinction between sign up and log in (this is not a Bubble thing, but an OAuth thing).

As a result, when using OAuth, before authentication, you will not know whether the user had previously signed up or not.

This results in the following scenarios, for different combinations of email sign up and/or email/OAuth login.

If the user has previously signed up with email, they have to be first logged in with email to subsequently also use OAuth for the first time they use OAuth, if the OAuth account is associated with the same email id. Once this is done, thereafter they can log in via email or OAuth.

If the user has previously signed up with email, and they are logged out, and if they try to use OAuth, Bubble will show the error (email already in use). The only way forward is to log in with email, then do OAuth. But as said above, this only needs to be done in this order once.

If the user has never signed up with email, and signs up with OAuth for they first time, they cannot later use Bubble’s “sign up” workflow for their email.

All the variations you see can be traced to one of these three scenarios. Any deviation is because the development and live DB is different. The live DB sign-ups are independent of development DB sign-ups.

In my Bubble app, if a user initially signs up with their email, and they go to the settings page, they see a button that lets them add OAuth, and subsequently they can use either to log in.

It is a good idea to send a confirmation email to the user which tells them how they signed up (email, FB, Google, etc) on their first sign up. You can also create fields or use Bubble’s auto-generated fields to keep track of the way in which a user has authenticated. For example, user’s Google is not empty, etc.

1 Like

Thanks for the explanation!

I figured out what’s going on. I have a couple of google identities. For one of those identities I used the traditional email/pass login the first time, not OAuth. It was a different google identity with which I remembered successfully using the google OAuth login.

So now I know what’s happening. Still not sure why it’s designed that way.

I found another thread in which Bubble’s Head of Success says it’s for security. Someone else could create an account with an OAuth provider with your email and then use that OAuth to login to your account.

But that explanation doesn’t seem to make sense to me. Bubble doesn’t offer an OAuth plugin. They offer a Google OAuth plugin, a FB OAuth plugin, etc. Google and FB require email confirm when signing up so I don’t think the attack they describe is possible and OAuth login should be possible even if a user first signed up with email.

If there are any OAuth providers that don’t require email confirm, make those providers throw the email already in use error.

I know you don’t make those decisions but I’m just venting. Sending them an email telling them how they signed up and expecting them to go digging for that email is bad UX. So is having them manually link social account after sign up.

I think there’s a way to customize error messages. I know some are customizable - did it once - not sure if the email already in use one is though. If it is, I’d like to customize that error to tell the user how they signed up and to try logging in using that method so the user has the relevant info at their fingertips.

1 Like

Agreed