feat: attempt re auth in Views if credential already exists

Author: russellwheatley

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -15,12 +15,14 @@
 import FirebaseAuth
 import SwiftUI
 
-public struct AccountMergeConflictContext: LocalizedError {
+public struct AccountMergeConflictContext: LocalizedError, Identifiable {
+  public let id = UUID()
   public let credential: AuthCredential
   public let underlyingError: Error
   public let message: String
-  // TODO: - should make this User type once fixed upstream in firebase-ios-sdk. See: https://github.com/firebase/FirebaseUI-iOS/pull/1247#discussion_r2085455355
   public let uid: String?
+  public let email: String?
+  public let requiresManualLinking: Bool
 
   public var errorDescription: String? {
     return message

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -245,6 +245,24 @@ public final class AuthService {
     }
   }
 
+  // Real account? → Requires proof of ownership → requiresManualLinking = true
+  private func handleAccountExistsError(_ error: NSError, with credentials: AuthCredential) throws {
+    let email = error.userInfo["FIRAuthErrorUserInfoEmailKey"] as? String
+    let updatedCredential = error.userInfo["FIRAuthUpdatedCredentialKey"] as? AuthCredential
+      ?? credentials
+
+    let context = AccountMergeConflictContext(
+      credential: updatedCredential,
+      underlyingError: error,
+      message: "An account already exists with \(email ?? "this email"). Please sign in with your existing method to link accounts.",
+      uid: nil,
+      email: email,
+      requiresManualLinking: true
+    )
+
+    throw AuthServiceError.accountMergeConflict(context: context)
+  }
+
   private func handleAutoUpgradeAnonymousUser(credentials: AuthCredential) async throws
     -> SignInOutcome {
     if currentUser == nil {
@@ -255,17 +273,24 @@ public final class AuthService {
       updateAuthenticationState()
       return .signedIn(result)
     } catch let error as NSError {
+      // Handle accountExistsWithDifferentCredential error
+      if error.code == AuthErrorCode.accountExistsWithDifferentCredential.rawValue {
+        try handleAccountExistsError(error, with: credentials)
+      }
+
       // Handle credentialAlreadyInUse error
       if error.code == AuthErrorCode.credentialAlreadyInUse.rawValue {
         // Extract the updated credential from the error
         let updatedCredential = error.userInfo["FIRAuthUpdatedCredentialKey"] as? AuthCredential
           ?? credentials
-
         let context = AccountMergeConflictContext(
           credential: updatedCredential,
           underlyingError: error,
           message: "Unable to merge accounts. The credential is already associated with a different account.",
-          uid: currentUser?.uid
+          uid: currentUser?.uid,
+          email: nil,
+          // Anonymous account? → Safe to discard → requiresManualLinking = false
+          requiresManualLinking: false
         )
         throw AuthServiceError.accountMergeConflict(context: context)
       }
@@ -276,7 +301,10 @@ public final class AuthService {
           credential: credentials,
           underlyingError: error,
           message: "Unable to merge accounts. This email is already associated with a different account.",
-          uid: currentUser?.uid
+          uid: currentUser?.uid,
+          email: nil,
+          // Anonymous account? → Safe to discard → requiresManualLinking = false
+          requiresManualLinking: false
         )
         throw AuthServiceError.accountMergeConflict(context: context)
       }
@@ -296,6 +324,12 @@ public final class AuthService {
       }
     } catch let error as NSError {
       authenticationState = .unauthenticated
+
+      // Handle account exists with different credential
+      if error.code == AuthErrorCode.accountExistsWithDifferentCredential.rawValue {
+        try handleAccountExistsError(error, with: credentials)
+      }
+
       // Check if this is an MFA required error
       if error.code == AuthErrorCode.secondFactorRequired.rawValue {
         if let resolver = error

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AccountLinkingView.swift

@@ -0,0 +1,122 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import FirebaseAuth
+import FirebaseAuthUIComponents
+import FirebaseCore
+import SwiftUI
+
+@MainActor
+public struct AccountLinkingView {
+  @Environment(AuthService.self) private var authService
+  @Environment(\.dismiss) private var dismiss
+
+  let context: AccountMergeConflictContext
+
+  public init(context: AccountMergeConflictContext) {
+    self.context = context
+  }
+}
+
+extension AccountLinkingView: View {
+  public var body: some View {
+    VStack(spacing: 24) {
+      // Warning icon
+      Image(systemName: "exclamationmark.triangle.fill")
+        .resizable()
+        .aspectRatio(contentMode: .fit)
+        .frame(width: 60, height: 60)
+        .foregroundColor(.orange)
+
+      // Title
+      Text("Account Already Exists")
+        .font(.title2)
+        .fontWeight(.bold)
+
+      // Message
+      Text(
+        "An account with **\(context.email ?? "this email")** already exists. Please sign in with your existing authentication method below to link your accounts."
+      )
+      .multilineTextAlignment(.center)
+      .fixedSize(horizontal: false, vertical: true)
+
+      Divider()
+
+      // Sign in methods section
+      VStack(spacing: 16) {
+        Text("Sign in with your existing method:")
+          .font(.headline)
+
+        if authService.emailSignInEnabled {
+          EmailAuthView()
+            .environment(\.signInWithMergeConflictHandler, signInForAccountLinking)
+        }
+
+        // Show other provider buttons
+        authService.renderButtons()
+          .environment(\.signInWithMergeConflictHandler, signInForAccountLinking)
+      }
+
+      PrivacyTOCsView(displayMode: .full)
+    }
+    .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .top)
+    .safeAreaPadding()
+    .navigationTitle("Link Accounts")
+    .navigationBarTitleDisplayMode(.inline)
+  }
+
+  /// Custom sign-in handler for account linking flow
+  private func signInForAccountLinking(authService: AuthService,
+                                       signInAction: () async throws -> SignInOutcome) async throws
+    -> SignInOutcome {
+    do {
+      // Attempt to sign in with the existing provider
+      let outcome = try await signInAction()
+
+      // If successful, link the pending credential
+      if case .signedIn = outcome {
+        try await authService.linkAccounts(credentials: context.credential)
+        // Dismiss the sheet after successful linking
+        dismiss()
+      }
+
+      return outcome
+    } catch {
+      // Re-throw the error for normal error handling
+      throw error
+    }
+  }
+}
+
+#Preview {
+  FirebaseOptions.dummyConfigurationForPreview()
+  let authService = AuthService().withEmailSignIn()
+
+  let context = AccountMergeConflictContext(
+    credential: EmailAuthProvider.credential(
+      withEmail: "user@example.com",
+      password: "password"
+    ),
+    underlyingError: NSError(domain: "Test", code: 0),
+    message: "Test error",
+    uid: nil,
+    email: "user@example.com",
+    requiresManualLinking: true
+  )
+
+  return NavigationStack {
+    AccountLinkingView(context: context)
+      .environment(authService)
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AuthPickerView.swift

@@ -25,11 +25,15 @@ import SwiftUI
 /// an existing account), it automatically signs out the anonymous user and signs in with
 /// the existing account's credential.
 ///
+/// For conflicts that require manual linking (accountExistsWithDifferentCredential),
+/// the error is re-thrown to be handled by the view layer with AccountLinkingView.
+///
 /// - Parameters:
 ///   - authService: The AuthService instance to use for sign-in operations
 ///   - signInAction: An async closure that performs the sign-in operation
 /// - Returns: The SignInOutcome from the successful sign-in
-/// - Throws: Re-throws any errors except accountMergeConflict (which is handled internally)
+/// - Throws: Re-throws any errors except automatic accountMergeConflict (which is handled
+/// internally)
 @MainActor
 public func signInWithMergeConflictHandling(authService: AuthService,
                                             signInAction: () async throws
@@ -38,13 +42,19 @@ public func signInWithMergeConflictHandling(authService: AuthService,
     return try await signInAction()
   } catch let error as AuthServiceError {
     if case let .accountMergeConflict(context) = error {
-      // The anonymous account conflicts with an existing account
-      // Sign out the anonymous user
-      try await authService.signOut()
+      // Check if this requires manual linking (UI flow) or automatic
+      if context.requiresManualLinking {
+        // Re-throw for view layer to handle with AccountLinkingView
+        throw error
+      } else {
+        // Automatic handling for anonymous upgrade
+        // Sign out the anonymous user
+        try await authService.signOut()
 
-      // Sign in with the existing account's credential
-      // This works because shouldHandleAnonymousUpgrade is now false after sign out
-      return try await authService.signIn(credentials: context.credential)
+        // Sign in with the existing account's credential
+        // This works because shouldHandleAnonymousUpgrade is now false after sign out
+        return try await authService.signIn(credentials: context.credential)
+      }
     }
     throw error
   }
@@ -77,6 +87,9 @@ public struct AuthPickerView<Content: View> {
 
   @Environment(AuthService.self) private var authService
   private let content: () -> Content
+
+  // State for account linking
+  @State private var accountLinkingContext: AccountMergeConflictContext?
 }
 
 extension AuthPickerView: View {
@@ -111,6 +124,39 @@ extension AuthPickerView: View {
             }
         }
         .interactiveDismissDisabled(authService.configuration.interactiveDismissEnabled)
+        // Add sheet for account linking
+        .sheet(item: Binding(
+          get: { accountLinkingContext },
+          set: { accountLinkingContext = $0 }
+        )) { context in
+          NavigationStack {
+            AccountLinkingView(context: context)
+              .environment(authService)
+              .toolbar {
+                ToolbarItem(placement: .topBarTrailing) {
+                  if !authService.configuration.shouldHideCancelButton {
+                    Button {
+                      accountLinkingContext = nil
+                    } label: {
+                      Image(systemName: "xmark")
+                    }
+                  }
+                }
+              }
+          }
+        }
+      }
+      // Intercept account linking errors
+      .onChange(of: authService.currentError) { _, newValue in
+        // Check if the underlying error is accountMergeConflict with manual linking required
+        if let error = newValue?.underlyingError as? AuthServiceError,
+           case let .accountMergeConflict(context) = error,
+           context.requiresManualLinking {
+          // Clear the error (we're handling it with the sheet)
+          authService.currentError = nil
+          // Show the account linking sheet
+          accountLinkingContext = context
+        }
       }
   }
 

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/ErrorAlertView.swift

@@ -48,7 +48,7 @@ public extension View {
 }
 
 /// A struct to represent an error that should be displayed in an alert
-public struct AlertError: Identifiable {
+public struct AlertError: Identifiable, Equatable {
   public let id = UUID()
   public let title: String
   public let message: String
@@ -59,4 +59,9 @@ public struct AlertError: Identifiable {
     self.message = message
     self.underlyingError = underlyingError
   }
+
+  public static func == (lhs: AlertError, rhs: AlertError) -> Bool {
+    // Compare by id since each AlertError instance is unique
+    lhs.id == rhs.id
+  }
 }