Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linkWithCredentials throws an error when linking an anonymous user with a credential #7675

Closed
exaby73 opened this issue Oct 3, 2023 · 7 comments
Closed

linkWithCredentials throws an error when linking an anonymous user with a credential #7675

exaby73 opened this issue Oct 3, 2023 · 7 comments
Labels
api: auth bug

Comments

@exaby73
Copy link

exaby73 commented Oct 3, 2023
edited

Operating System

MacOS 14

Browser Version

Chromium 117.0.5938.132

Firebase SDK Version

10.4.0

Firebase SDK Product:

Auth

Describe your project's tooling

Vite + Typescipt

Describe the problem

Hello. An issue was recently filed on Flutterfire regarding linkWithCredential throwing an OPERATION_NOT_ALLOWED error when linking an anonymous user with a credential. I was able to reproduce this issue across Android, iOS and Web SDKs, which lead me to conclude that this is an issue with the Firebase server response on this particular function.

Based on the docs, converting an anonymous user to a permanent account is a valid use case.

Link to original issue on Flutterfire: firebase/flutterfire#11661

Steps and code to reproduce issue

Here is a simple example using the JS SDK using Vite to bundle and run the TS:

// main.ts
import {initializeApp} from 'firebase/app';
import {
    getAuth,
    signInAnonymously,
    linkWithCredential,
    EmailAuthProvider
} from 'firebase/auth';

const firebaseConfig = {
    apiKey: ...,
    authDomain: ...,
    projectId: ...,
    storageBucket: ...,
    messagingSenderId: ...,
    appId: ...,
};

initializeApp(firebaseConfig)
const auth = getAuth();

async function anon() {
    await signInAnonymously(auth);
}

async function link() {
    const credential = EmailAuthProvider.credential('test@example.com', 'password');
    await linkWithCredential(auth.currentUser!, credential);
}

document.getElementById('#anon-button')!.addEventListener('click', anon);
document.getElementById('#link-button')!.addEventListener('click', link);
<!-- index.html -->
...
<button id="anon-button">Sign in Anonymously</button>
<button id="link-button">Link with Email</button>

<script src="main.ts" type="module"></script>
...

After clicking on Sign in Anonymously, clicking on Link with Email gives the following error:

Uncaught (in promise) FirebaseError: Firebase: Please verify the new email before changing email. (auth/operation-not-allowed).

The network request can also be inspected to see the response from the Firebase servers, which proves that this is an error on the servers itself:

Response from linkWithCredential server request:
{
  "error": {
    "code": 400,
    "message": "OPERATION_NOT_ALLOWED : Please verify the new email before changing email.",
    "errors": [
      {
        "message": "OPERATION_NOT_ALLOWED : Please verify the new email before changing email.",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}
@exaby73 exaby73 added new A new issue that hasn't be categoirzed as question, bug or feature request question labels Oct 3, 2023
@jbalidiong jbalidiong added needs-attention and removed new A new issue that hasn't be categoirzed as question, bug or feature request labels Oct 3, 2023
@DellaBitta
Copy link
Contributor

Hi @exaby73,

Unfortunately I wasn't able to reproduce this in my testing. As you noted, though, this seems to be an error at the server/account level. The best way to move forward on this issue is for you to create a Firebase Support ticket so that someone can look at the backend configuration of your account and attempt to debug the issue there. I hope this helps!

@DellaBitta DellaBitta added needs-info contact-support-instead Please contact Firebase Support where you can share private info about your project and get help. and removed needs-attention labels Oct 4, 2023
@exaby73
Copy link
Author

exaby73 commented Oct 5, 2023

Hello @DellaBitta. Thanks for the swift response. I can still reproduce the issue. I am actually a maintainer on the Flutterfire repository. Shortly after raising this issue here, I got some feedback from the Firebase team that this is a known issue due to a change regarding email enumeration protection, which caused this unintentional change.

@NhienLam
Copy link
Contributor

NhienLam commented Oct 6, 2023

This behavior change is due to the Email Enumeration protection feature that is enabled by default on new projects (created on or after Sep 15). There is an option to disable the feature, in case your app relies on this functionality. In an upcoming release, the linkWithCredential SDK method will be fixed to work when the Email Enumeration Protection is enabled or disabled. This github issue will be used to track the the fix. Thanks!

@DellaBitta DellaBitta added bug and removed question needs-attention contact-support-instead Please contact Firebase Support where you can share private info about your project and get help. labels Oct 6, 2023
@exaby73 exaby73 mentioned this issue Oct 9, 2023
Closed
@morganchen12 morganchen12 pinned this issue Oct 13, 2023
@DellaBitta
Copy link
Contributor

Hi @11101100,

If you're encounter issues with the Firebase Unity SDK please create a new issue in the Firebase Unity SDK GitHub repository. Thanks!

@milaGGL milaGGL unpinned this issue Nov 6, 2023
@google-oss-bot google-oss-bot mentioned this issue Nov 7, 2023
Merged
@nohe427
Copy link

nohe427 commented Nov 17, 2023

Documentation updated and switch is now available in the Firebase Console

@nohe427
Copy link

nohe427 commented Nov 17, 2023

Link with credential is fixed in SDK version 10.6.0 for Web

@DellaBitta
Copy link
Contributor

I'm going to close this issue for now since the fix has been released. Please create a new issue and link to this one if you encounter further issues. Thanks!

alecnavapanich added a commit to Sluglet-Team/SlugletApp that referenced this issue Nov 21, 2023
@alecnavapanich
linkAccounts now works, and an anonymous account will automatically b…
f51ab71 
…e merged with the new account when signing up. I had to use a workaround to a known bug detailed here: firebase/firebase-js-sdk#7675
@firebase firebase locked and limited conversation to collaborators Dec 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api: auth bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@nohe427 @DellaBitta @google-oss-bot @exaby73 @NhienLam @jbalidiong