fix: anonymous upgrade, link accounts silently if possible

Author: russellwheatley

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -15,18 +15,59 @@
 import FirebaseAuth
 import SwiftUI
 
-public struct AccountMergeConflictContext: LocalizedError, Identifiable {
+/// Describes the specific type of account conflict that occurred
+public enum AccountConflictType: Equatable {
+  /// Account exists with a different provider (e.g., user signed up with Google, trying to use email)
+  /// Solution: Sign in with existing provider, then link the new credential
+  case accountExistsWithDifferentCredential
+  
+  /// The credential is already linked to another account
+  /// Solution: User must sign in with that account or unlink the credential
+  case credentialAlreadyInUse
+  
+  /// Email is already registered with another method
+  /// Solution: Sign in with existing method, then link if desired
+  case emailAlreadyInUse
+  
+  /// Trying to link anonymous account to an existing account
+  /// Solution: Sign out of anonymous, then sign in with the credential
+  case anonymousUpgradeConflict
+}
+
+public struct AccountConflictContext: LocalizedError, Identifiable, Equatable {
   public let id = UUID()
+  public let conflictType: AccountConflictType
   public let credential: AuthCredential
   public let underlyingError: Error
   public let message: String
-  public let uid: String?
   public let email: String?
-  public let requiresManualLinking: Bool
-
+  public let existingProviderIds: [String]?
+  
+  /// Indicates if this conflict occurred during anonymous user upgrade
+  public let isAnonymousUpgrade: Bool
+  
+  /// Human-readable description of the conflict type
+  public var conflictDescription: String {
+    switch conflictType {
+    case .accountExistsWithDifferentCredential:
+      return "This account is already registered with a different sign-in method."
+    case .credentialAlreadyInUse:
+      return "This credential is already linked to another account."
+    case .emailAlreadyInUse:
+      return "This email address is already in use."
+    case .anonymousUpgradeConflict:
+      return "Cannot link anonymous account to an existing account."
+    }
+  }
+  
   public var errorDescription: String? {
     return message
   }
+  
+  public static func == (lhs: AccountConflictContext, rhs: AccountConflictContext) -> Bool {
+    // Compare by id since each AccountConflictContext instance is unique
+    lhs.id == rhs.id
+  }
 }
 
 public enum AuthServiceError: LocalizedError {
@@ -37,7 +78,7 @@ public enum AuthServiceError: LocalizedError {
   case reauthenticationRequired(String)
   case invalidCredentials(String)
   case signInFailed(underlying: Error)
-  case accountMergeConflict(context: AccountMergeConflictContext)
+  case accountConflict(AccountConflictContext)
   case providerNotFound(String)
   case multiFactorAuth(String)
   case rootViewControllerNotFound(String)
@@ -66,7 +107,7 @@ public enum AuthServiceError: LocalizedError {
       return description
     case let .signInCancelled(description):
       return description
-    case let .accountMergeConflict(context):
+    case let .accountConflict(context):
       return context.errorDescription
     case let .providerNotFound(description):
       return description

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -134,6 +134,9 @@ public final class AuthService {
   public let passwordPrompt: PasswordPromptCoordinator = .init()
   public var currentMFARequired: MFARequired?
   private var currentMFAResolver: MultiFactorResolver?
+  
+  /// Current account conflict context - observe this to handle conflicts and update backend
+  public private(set) var currentAccountConflict: AccountConflictContext?
 
   // MARK: - Provider APIs
 
@@ -205,6 +208,7 @@ public final class AuthService {
 
   func reset() {
     currentError = nil
+    currentAccountConflict = nil
   }
 
   func updateError(title: String = "Error", message: String, underlyingError: Error? = nil) {
@@ -279,6 +283,25 @@ public final class AuthService {
           .userInfo[AuthErrorUserInfoMultiFactorResolverKey] as? MultiFactorResolver {
           return handleMFARequiredError(resolver: resolver)
         }
+      }
+      // Check for account conflict errors
+      else if let conflictType = determineConflictType(from: error) {
+        let context = createConflictContext(
+          from: error,
+          conflictType: conflictType,
+          credential: credentials
+        )
+        
+        // Store it for consumers to observe
+        currentAccountConflict = context
+        
+        // Only set error alert if we're NOT auto-handling it
+        if conflictType != .anonymousUpgradeConflict {
+          updateError(message: context.message, underlyingError: error)
+        }
+        
+        // Throw the specific error with context
+        throw AuthServiceError.accountConflict(context)
       } else {
         // Don't want error modal on MFA error so we only update here
         updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
@@ -370,9 +393,9 @@ public extension AuthService {
       }
     } catch {
       authenticationState = .unauthenticated
-      // ALWAYS store error - let view layer decide what to do
+      // store error if consumer wants to handle it
       updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
-      // ALWAYS throw - let view layer decide how to handle
+      // throw error to view layer
       throw error
     }
   }
@@ -832,6 +855,40 @@ public extension AuthService {
     }
   }
 
+  // MARK: - Account Conflict Helper Methods
+  
+  private func determineConflictType(from error: NSError) -> AccountConflictType? {
+    switch error.code {
+    case AuthErrorCode.accountExistsWithDifferentCredential.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict : .accountExistsWithDifferentCredential
+    case AuthErrorCode.credentialAlreadyInUse.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict : .credentialAlreadyInUse
+    case AuthErrorCode.emailAlreadyInUse.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict :.emailAlreadyInUse
+    default:
+      return nil
+    }
+  }
+  
+  private func createConflictContext(
+    from error: NSError,
+    conflictType: AccountConflictType,
+    credential: AuthCredential
+  ) -> AccountConflictContext {
+    let updatedCredential = error.userInfo[AuthErrorUserInfoUpdatedCredentialKey] as? AuthCredential ?? credential
+    let email = error.userInfo[AuthErrorUserInfoEmailKey] as? String
+    
+    return AccountConflictContext(
+      conflictType: conflictType,
+      credential: updatedCredential,
+      underlyingError: error,
+      message: string.localizedErrorMessage(for: error),
+      email: email,
+      existingProviderIds: nil,
+      isAnonymousUpgrade: shouldHandleAnonymousUpgrade
+    )
+  }
+
   // MARK: - MFA Helper Methods
 
   private func extractMFAHints(from resolver: MultiFactorResolver) -> [MFAHint] {

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AuthPickerView.swift

@@ -63,9 +63,9 @@ extension AuthPickerView: View {
         }
         .interactiveDismissDisabled(authService.configuration.interactiveDismissEnabled)
       }
-      // View-layer logic: Intercept credential conflict errors and store for auto-linking
-      .onChange(of: authService.currentError) { _, newValue in
-        handleCredentialConflictError(newValue)
+      // View-layer logic: Handle account conflicts (auto-handle anonymous upgrade, store others for linking)
+      .onChange(of: authService.currentAccountConflict) { _, conflict in
+        handleAccountConflict(conflict)
       }
       // View-layer logic: Auto-link pending credential after successful sign-in
       .onChange(of: authService.authenticationState) { _, newState in
@@ -75,23 +75,30 @@ extension AuthPickerView: View {
       }
   }
 
-  /// View-layer logic: Handle credential conflict errors by storing credential for auto-linking
-  private func handleCredentialConflictError(_ error: AlertError?) {
-    guard let error = error,
-          let nsError = error.underlyingError as? NSError else { return }
+  /// View-layer logic: Handle account conflicts with type-specific behavior
+  private func handleAccountConflict(_ conflict: AccountConflictContext?) {
+    guard let conflict = conflict else { return }
 
-    // Check if this is a credential conflict error that should trigger auto-linking
-    let shouldStoreCredential =
-      nsError.code == AuthErrorCode.accountExistsWithDifferentCredential.rawValue || // 17007
-      nsError.code == AuthErrorCode.credentialAlreadyInUse.rawValue ||               // 17025
-      nsError.code == AuthErrorCode.emailAlreadyInUse.rawValue ||                    // 17020
-      nsError.code == 17094                                                           // duplicate credential
-    
-    if shouldStoreCredential {
-      // Extract the credential from the error and store it
-      let credential = nsError.userInfo[AuthErrorUserInfoUpdatedCredentialKey] as? AuthCredential
-      pendingCredentialForLinking = credential
-      // Error still propagates to user via normal error modal
+    // Only auto-handle anonymous upgrade conflicts
+    if conflict.conflictType == .anonymousUpgradeConflict {
+      Task {
+        do {
+          // Sign out the anonymous user
+          try await authService.signOut()
+          
+          // Sign in with the new credential
+          _ = try await authService.signIn(credentials: conflict.credential)
+          
+          // Successfully handled - conflict and error are cleared automatically by reset()
+        } catch {
+          // Error will be shown via normal error handling
+          // Credential is still stored if they want to retry
+        }
+      }
+    } else {
+      // Other conflicts: store credential for potential linking after sign-in
+      pendingCredentialForLinking = conflict.credential
+      // Error modal will show for user to see and handle
     }
   }
 

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/ErrorAlertView.swift

@@ -28,6 +28,13 @@ struct ErrorAlertModifier: ViewModifier {
     if error.underlyingError is CancellationError {
       return false
     }
+    
+    // Don't show alert for anonymous upgrade conflicts (they're auto-handled)
+    if let authError = error.underlyingError as? AuthServiceError,
+       case .accountConflict(let context) = authError,
+       context.conflictType == .anonymousUpgradeConflict {
+      return false
+    }
 
     return true
   }