add skipAssertUserNotAuthenticated option to signInWithRedirect

[dehli]

Description of changes

This PR allows you to call signInWithRedirect even when a user is already signed in. The use-case is that we have Google login and some customers want to enforce that their users only sign-in with Google. If a user logs in with their password we will show an error along with a button prompting them to sign-in via Google. With v5, you could call Auth.federatedSignIn even when a user was already logged in. This allows you to similarly call signInWithRedirect.

I'm 50/50 on the name, might want to do the inverse so a truthy value would allow you to skip the assertion.
Edit: Decided to do the inverse instead.

Description of how you validated changes

Used patch-package with these changes.

Checklist

• PR description included
• yarn test passes
  • I'm getting 4 failures that are unrelated to my changes.
• Tests are changed or added
  • Added placeholders for the time being since the function itself only has placeholders. Figured I'd submit the PR without them first.
• Relevant documentation is changed or added (and PR referenced)
  • Is adding comments to interface all that's needed?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[cwomack]

Hey, @dehli 👋. We appreciate you opening this PR and will review it internally and reach out if there's further questions or suggestions.

[cwomack]

@dehli, can you provide more context as to why just enforcing Google as your only federated provider for sign-in would not work here? We're not fully understanding what the benefit here would be to allow for an additional call of signInWithRedirect when you already have a user signed in with valid credentials.

[dehli]

Hey @cwomack, for sure! The specific usecase is that you're logged in with your email/password but trying to access something that can only be accessed when logged in via Google.

We have a saas tool that allows you to login with email/password or Google. Some of our customers would like to require that their data is only accessible by users who have logged in with Google. We don't want to force all users to login with Google which is why we needed this functionality.

Let me know if that doesn't make sense or if you can think of a better workaround!