Description
Operating System
MacOS 14
Browser Version
Chromium 117.0.5938.132
Firebase SDK Version
10.4.0
Firebase SDK Product:
Auth
Describe your project's tooling
Vite + TypeScript
Describe the problem
Hello. An issue was recently filed on Flutterfire regarding linkWithCredential throwing an OPERATION_NOT_ALLOWED error when linking an anonymous user with a credential. I was able to reproduce this issue across Android, iOS and Web SDKs, which led me to conclude that this is an issue with the Firebase server response on this particular function.
Based on the docs, converting an anonymous user to a permanent account is a valid use case.
Link to original issue on Flutterfire: firebase/flutterfire#11661
Steps and code to reproduce issue
Here is a simple example using the JS SDK using Vite to bundle and run the TS:
// main.ts
import {initializeApp} from 'firebase/app';
import {
  getAuth,
  signInAnonymously,
  linkWithCredential,
  EmailAuthProvider
} from 'firebase/auth';

const firebaseConfig = {
  apiKey: ...,
  authDomain: ...,
  projectId: ...,
  storageBucket: ...,
  messagingSenderId: ...,
  appId: ...,
};

initializeApp(firebaseConfig);
const auth = getAuth();

// Step 1: create the anonymous session.
async function anon() {
  await signInAnonymously(auth);
}

// Step 2: link an email/password credential to the anonymous user.
async function link() {
  const credential = EmailAuthProvider.credential('test@example.com', 'password');
  await linkWithCredential(auth.currentUser!, credential);
}

// getElementById takes the bare id, without a leading '#'.
document.getElementById('anon-button')!.addEventListener('click', anon);
document.getElementById('link-button')!.addEventListener('click', link);
<!-- index.html -->
...
<button id="anon-button">Sign in Anonymously</button>
<button id="link-button">Link with Email</button>
<script src="main.ts" type="module"></script>
...
After clicking on Sign in Anonymously, clicking on Link with Email gives the following error:
Uncaught (in promise) FirebaseError: Firebase: Please verify the new email before changing email. (auth/operation-not-allowed).
The network request can also be inspected to see the response from the Firebase servers, which proves that this is an error on the servers themselves:
Response from linkWithCredential server request:
{
  "error": {
    "code": 400,
    "message": "OPERATION_NOT_ALLOWED : Please verify the new email before changing email.",
    "errors": [
      {
        "message": "OPERATION_NOT_ALLOWED : Please verify the new email before changing email.",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}
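Added example, not part of the original issue and not Firebase SDK code: a small triage helper that parses a captured response body of the shape shown above and checks whether a caught SDK error code corresponds to it, so a server-side rejection can be told apart from a client-side failure. The names parseAuthErrorBody, matchesSdkCode and SAMPLE_BODY are hypothetical, and the code normalisation is an assumption based only on the one pair visible in this issue.

```typescript
// Added example; all names here are hypothetical, not SDK APIs.
interface ParsedAuthError {
  httpStatus: number;
  serverCode: string;    // e.g. "OPERATION_NOT_ALLOWED"
  detail: string | null; // text after " : ", if present
}

// Response body copied from the capture in the issue (errors[] omitted).
const SAMPLE_BODY = JSON.stringify({
  error: {
    code: 400,
    message: 'OPERATION_NOT_ALLOWED : Please verify the new email before changing email.',
  },
});

// Returns null when the body is not an error envelope of this shape.
function parseAuthErrorBody(body: string): ParsedAuthError | null {
  let parsed: unknown;
  try {
    parsed = JSON.parse(body);
  } catch {
    return null; // not JSON, e.g. a proxy or captive-portal page
  }
  if (typeof parsed !== 'object' || parsed === null) return null;
  const err = (parsed as { error?: unknown }).error;
  if (typeof err !== 'object' || err === null) return null;
  const { code, message } = err as { code?: unknown; message?: unknown };
  if (typeof code !== 'number' || typeof message !== 'string') return null;

  // The message in the capture is "<CODE> : <human-readable detail>".
  const sep = message.indexOf(' : ');
  const serverCode = (sep === -1 ? message : message.slice(0, sep)).trim();
  const detail = sep === -1 ? null : message.slice(sep + 3).trim();
  if (!/^[A-Z][A-Z0-9_]*$/.test(serverCode)) return null;
  return { httpStatus: code, serverCode, detail };
}

// Assumption: compares by lower-casing and swapping "_" for "-", which holds
// for the pair in this issue (OPERATION_NOT_ALLOWED, auth/operation-not-allowed).
// Other codes may not follow this pattern.
function matchesSdkCode(sdkCode: string, serverCode: string): boolean {
  return sdkCode === 'auth/' + serverCode.toLowerCase().replace(/_/g, '-');
}
```
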