firebase
diff --git a/‎FirebaseSwiftUI/FirebaseAppleSwiftUI/Sources/Views/SignInWithAppleButton.swift‎
Lines changed: 1 addition & 2 deletions b/‎FirebaseSwiftUI/FirebaseAppleSwiftUI/Sources/Views/SignInWithAppleButton.swift‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift‎
Lines changed: 3 additions & 0 deletions b/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthConfiguration.swift‎
Lines changed: 3 additions & 0 deletions b/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthConfiguration.swift‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift‎
Lines changed: 216 additions & 1 deletion b/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift‎
Lines changed: 216 additions & 1 deletion
diff --git a/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Utils/StringUtils.swift‎
Lines changed: 42 additions & 0 deletions b/‎FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Utils/StringUtils.swift‎
Lines changed: 42 additions & 0 deletions
@@ -47,14 +47,13 @@ extension SignInWithAppleButton: View {
             return
           }
         } catch {
-          reportError?(error)
-
           if case let AuthServiceError.accountConflict(ctx) = error,
              let onConflict = accountConflictHandler {
             onConflict(ctx)
             return
           }
 
+          reportError?(error)
           throw error
         }
       }
 
@@ -164,6 +164,7 @@ public enum AuthServiceError: LocalizedError {
   case invalidCredentials(String)
   case signInFailed(underlying: Error)
   case accountConflict(AccountConflictContext)
+  case legacySignInRecoveryPresented
   case providerNotFound(String)
   case multiFactorAuth(String)
   case rootViewControllerNotFound(String)
@@ -200,6 +201,8 @@ public enum AuthServiceError: LocalizedError {
       return description
     case let .accountConflict(context):
       return context.errorDescription
+    case .legacySignInRecoveryPresented:
+      return nil
     case let .providerNotFound(description):
       return description
     case let .multiFactorAuth(description):
 
@@ -22,6 +22,7 @@ public struct AuthConfiguration {
   public let shouldHideCancelButton: Bool
   public let interactiveDismissEnabled: Bool
   public let shouldAutoUpgradeAnonymousUsers: Bool
+  public let legacyFetchSignInWithEmail: Bool
   public let customStringsBundle: Bundle?
   public let tosUrl: URL?
   public let privacyPolicyUrl: URL?
@@ -39,6 +40,7 @@ public struct AuthConfiguration {
               shouldHideCancelButton: Bool = false,
               interactiveDismissEnabled: Bool = true,
               shouldAutoUpgradeAnonymousUsers: Bool = false,
+              legacyFetchSignInWithEmail: Bool = false,
               customStringsBundle: Bundle? = nil,
               tosUrl: URL? = nil,
               privacyPolicyUrl: URL? = nil,
@@ -51,6 +53,7 @@ public struct AuthConfiguration {
     self.shouldHideCancelButton = shouldHideCancelButton
     self.interactiveDismissEnabled = interactiveDismissEnabled
     self.shouldAutoUpgradeAnonymousUsers = shouldAutoUpgradeAnonymousUsers
+    self.legacyFetchSignInWithEmail = legacyFetchSignInWithEmail
     self.customStringsBundle = customStringsBundle
     self.languageCode = languageCode
     self.tosUrl = tosUrl
 
@@ -60,6 +60,36 @@ public enum SignInOutcome: @unchecked Sendable {
   case signedIn(AuthDataResult?)
 }
 
+public struct LegacySignInOption: Identifiable, Equatable {
+  public let id: String
+  public let displayName: String
+
+  public init(id: String, displayName: String) {
+    self.id = id
+    self.displayName = displayName
+  }
+}
+
+public struct LegacySignInRecoveryContext: Identifiable, Equatable {
+  public let id = UUID()
+  public let email: String
+  public let options: [LegacySignInOption]
+  public let unavailableProviders: [String]
+
+  public init(email: String,
+              options: [LegacySignInOption],
+              unavailableProviders: [String] = []) {
+    self.email = email
+    self.options = options
+    self.unavailableProviders = unavailableProviders
+  }
+
+  public static func == (lhs: LegacySignInRecoveryContext,
+                         rhs: LegacySignInRecoveryContext) -> Bool {
+    lhs.id == rhs.id
+  }
+}
+
 @MainActor
 private final class AuthListenerManager {
   private var authStateHandle: AuthStateDidChangeListenerHandle?
@@ -131,6 +161,7 @@ public final class AuthService {
   private var listenerManager: AuthListenerManager?
   private var emailLinkSignInCallback: (() -> Void)?
   private var providers: [AuthProviderUI] = []
+  private let emailLinkSignInMethod = "emailLink"
 
   public let configuration: AuthConfiguration
   public let auth: Auth
@@ -141,6 +172,8 @@ public final class AuthService {
   public var authenticationFlow: AuthenticationFlow = .signIn
   public var emailPasswordSignInEnabled = false
   public var emailLinkSignInEnabled = false
+  public var legacySignInRecovery: LegacySignInRecoveryContext?
+  public var suggestedEmailAddress: String?
   public private(set) var navigator = Navigator()
 
   public var authView: AuthView? {
@@ -174,6 +207,18 @@ public final class AuthService {
     )
   }
 
+  public func renderLegacyRecoveryButtons(spacing: CGFloat = 16) -> AnyView {
+    AnyView(
+      VStack(spacing: spacing) {
+        if let recovery = legacySignInRecovery {
+          ForEach(recovery.options) { option in
+            self.legacyRecoveryButton(for: option, email: recovery.email)
+          }
+        }
+      }
+    )
+  }
+
   public func signIn(_ provider: CredentialAuthProviderSwift) async throws -> SignInOutcome {
     let credential = try await provider.createAuthCredential()
     let result = try await signIn(credentials: credential)
@@ -189,6 +234,8 @@ public final class AuthService {
     // Clear email link reauth state
     emailLinkReauth = nil
     isReauthenticating = false
+    legacySignInRecovery = nil
+    suggestedEmailAddress = nil
     updateAuthenticationState()
   }
 
@@ -354,7 +401,17 @@ public extension AuthService {
 
   func signIn(email: String, password: String) async throws -> SignInOutcome {
     let credential = EmailAuthProvider.credential(withEmail: email, password: password)
-    return try await signIn(credentials: credential)
+    do {
+      return try await signIn(credentials: credential)
+    } catch {
+      if await tryPresentLegacySignInRecovery(
+        email: email,
+        attemptedProviderId: EmailAuthProviderID
+      ) {
+        throw AuthServiceError.legacySignInRecoveryPresented
+      }
+      throw error
+    }
   }
 
   func createUser(email email: String, password: String) async throws -> SignInOutcome {
@@ -854,6 +911,10 @@ private extension AuthService {
       (currentUser == nil || currentUser?.isAnonymous == true)
         ? .unauthenticated
         : .authenticated
+
+    if authenticationState == .authenticated {
+      legacySignInRecovery = nil
+    }
   }
 
   private var shouldHandleAnonymousUpgrade: Bool {
@@ -1010,12 +1071,166 @@ private extension AuthService {
       return "Email"
     case PhoneAuthProviderID:
       return "Phone"
+    case emailLinkSignInMethod:
+      return "Email Link"
     default:
       // Shouldn't reach here if provider is registered
       return providerId
     }
   }
 
+  private func normalizeLegacyOptionId(_ providerId: String) -> String {
+    switch providerId {
+    case PhoneAuthProviderID:
+      return "phone"
+    default:
+      return providerId
+    }
+  }
+
+  private func buildLegacySignInRecovery(email: String,
+                                         signInMethods: [String],
+                                         attemptedProviderId: String?) -> LegacySignInRecoveryContext? {
+    let attemptedOptionId = attemptedProviderId.map(normalizeLegacyOptionId)
+    var options: [LegacySignInOption] = []
+    var unavailableProviders: [String] = []
+
+    for method in signInMethods {
+      if let option = resolveLegacyOption(for: method) {
+        if !options.contains(where: { $0.id == option.id }) {
+          options.append(option)
+        }
+      } else {
+        unavailableProviders.append(getProviderDisplayName(method))
+      }
+    }
+
+    guard !options.isEmpty else {
+      return nil
+    }
+
+    if let attemptedOptionId,
+       options.count == 1,
+       options.first?.id == attemptedOptionId {
+      return nil
+    }
+
+    return LegacySignInRecoveryContext(
+      email: email,
+      options: options,
+      unavailableProviders: unavailableProviders
+    )
+  }
+
+  private func resolveLegacyOption(for signInMethod: String) -> LegacySignInOption? {
+    switch signInMethod {
+    case EmailAuthProviderID:
+      guard emailPasswordSignInEnabled else { return nil }
+      return LegacySignInOption(
+        id: EmailAuthProviderID,
+        displayName: string.legacyEmailPasswordOptionLabel
+      )
+    case emailLinkSignInMethod:
+      guard emailLinkSignInEnabled else { return nil }
+      return LegacySignInOption(
+        id: emailLinkSignInMethod,
+        displayName: string.legacyEmailLinkOptionLabel
+      )
+    default:
+      guard let provider = providers.first(where: { $0.id == normalizeLegacyOptionId(signInMethod) }) else {
+        return nil
+      }
+      return LegacySignInOption(id: provider.id, displayName: provider.displayName)
+    }
+  }
+}
+
+extension AuthService {
+  @discardableResult
+  func tryPresentLegacySignInRecovery(email: String?,
+                                      attemptedProviderId: String?) async -> Bool {
+    guard configuration.legacyFetchSignInWithEmail,
+          let email,
+          !email.isEmpty else {
+      return false
+    }
+
+    do {
+      let signInMethods = try await auth.fetchSignInMethods(forEmail: email)
+      guard let recovery = buildLegacySignInRecovery(
+        email: email,
+        signInMethods: signInMethods,
+        attemptedProviderId: attemptedProviderId
+      ) else {
+        return false
+      }
+      legacySignInRecovery = recovery
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  func dismissLegacySignInRecovery() {
+    legacySignInRecovery = nil
+  }
+
+  func startLegacyRecovery(option: LegacySignInOption, email: String) {
+    suggestedEmailAddress = email
+    dismissLegacySignInRecovery()
+    authenticationFlow = .signIn
+
+    switch option.id {
+    case EmailAuthProviderID:
+      navigator.clear()
+    case emailLinkSignInMethod:
+      navigator.clear()
+      navigator.push(.emailLink)
+    case "phone":
+      navigator.clear()
+      navigator.push(.enterPhoneNumber)
+    default:
+      break
+    }
+  }
+
+  @ViewBuilder
+  private func legacyRecoveryButton(for option: LegacySignInOption,
+                                    email: String) -> some View {
+    switch option.id {
+    case EmailAuthProviderID:
+      AuthProviderButton(
+        label: option.displayName,
+        style: .email,
+        accessibilityId: "legacy-sign-in-with-email-button"
+      ) {
+        self.startLegacyRecovery(option: option, email: email)
+      }
+    case emailLinkSignInMethod:
+      AuthProviderButton(
+        label: option.displayName,
+        style: .email,
+        accessibilityId: "legacy-sign-in-with-email-link-button"
+      ) {
+        self.startLegacyRecovery(option: option, email: email)
+      }
+    case "phone":
+      AuthProviderButton(
+        label: option.displayName,
+        style: .phone,
+        accessibilityId: "legacy-sign-in-with-phone-button"
+      ) {
+        self.startLegacyRecovery(option: option, email: email)
+      }
+    default:
+      if let provider = providers.first(where: { $0.id == option.id }) {
+        provider.authButton()
+      }
+    }
+  }
+}
+
+private extension AuthService {
   // MARK: - Account Conflict Helper Methods
 
   private func determineConflictType(from error: NSError) -> AccountConflictType? {
 
@@ -297,6 +297,48 @@ public class StringUtils {
     return localizedString(for: "Cancel")
   }
 
+  /// Legacy sign-in recovery title
+  /// found in:
+  /// - LegacySignInRecoveryView
+  public var legacySignInRecoveryTitle: String {
+    return localizedString(for: "Use a previous sign-in method")
+  }
+
+  /// Legacy sign-in recovery message
+  /// found in:
+  /// - LegacySignInRecoveryView
+  public func legacySignInRecoveryMessage(email: String) -> String {
+    return String(
+      format: localizedString(
+        for: "You previously signed in with one of these methods for %@."
+      ),
+      email
+    )
+  }
+
+  /// Legacy sign-in recovery helper copy
+  /// found in:
+  /// - LegacySignInRecoveryView
+  public var legacySignInRecoveryUnavailableMessage: String {
+    return localizedString(
+      for: "Some previous sign-in methods are not enabled in this app."
+    )
+  }
+
+  /// Legacy sign-in recovery email/password option
+  /// found in:
+  /// - LegacySignInRecoveryView
+  public var legacyEmailPasswordOptionLabel: String {
+    return localizedString(for: "Continue with email and password")
+  }
+
+  /// Legacy sign-in recovery email link option
+  /// found in:
+  /// - LegacySignInRecoveryView
+  public var legacyEmailLinkOptionLabel: String {
+    return localizedString(for: "Continue with email link")
+  }
+
   /// Email provider
   /// found in:
   /// - AuthPickerView
Original file line number	Diff line number	Diff line change
`@@ -47,14 +47,13 @@ extension SignInWithAppleButton: View {`
`47`	`47`	`return`
`48`	`48`	`}`
`49`	`49`	`} catch {`
`50`		`- reportError?(error)`
`51`		`-`
`52`	`50`	`if case let AuthServiceError.accountConflict(ctx) = error,`
`53`	`51`	`let onConflict = accountConflictHandler {`
`54`	`52`	`onConflict(ctx)`
`55`	`53`	`return`
`56`	`54`	`}`
`57`	`55`
	`56`	`+ reportError?(error)`
`58`	`57`	`throw error`
`59`	`58`	`}`
`60`	`59`	`}`