- User signs in anonymously with Firebase (and implicitly with RevenueCat).
- User encounters a paywall and makes a purchase.
- User is redirected to a signup menu with the following sign up options email, Google, Apple.
- When the users signs up we do a account firebase upgrade from anonymous using linkWithCredential.
await Purchases.restorePurchases();
await Purchases.syncPurchases();
I am not sure why though, do these methods call the firebase cloud function? and should I not call them? and if I should not call them then this would not be very safe as we would just be explosives for vulnerability to the front end) Now appearing on both account is bad, but what is even worse is that it seams like:
- The old account's Firebase custom claims aren't being removed when RevenueCat stops tracking it, (so after login on to the new account the old account subscription/entitlement is stuck in active even though it's past expiration date because the revenuecat firebase claim is not removed, I could potentially solve this by just looking at the firestore collection, but I am not sure if that would be good practice)
- Unsure if calling Purchases.logIn(user.uid) and Purchases.syncPurchases() after linking is necessary or causing issues. ( I am calling the Purchases.logIn(user.uid) after the user has signed up on either one of the sign up methods, where the user.uid would be the firebase uid)
- Local Apple device subscription state
- RevenueCat subscription state
- Firebase subscription state (custom claims/Firestore)
- How can we ensure that when a new account is created (not linked), the subscription is transferred or not duplicated?
- Is it correct to only sync purchases if the Firebase UID matches the RevenueCat user ID?
- How can we ensure that old, unlinked accounts have their Firebase custom claims removed?
