-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 [firebase_auth] linkWithCredential throws Exception operation-not-allowed even when provider is enabled #11661
Comments
Thanks for the report @VincentJouanne
But if we sign in anonymously and then try to link with credential, it throws the reported exception, but it seems the plugin is catching the error properly as I see that the exception also contains There's a similar error thrown but for a different use case though : #10736 I'll keep the issue open for team's attention / input on the error received. /cc @Lyokone |
Hello @VincentJouanne. I did a little digging on this issue, and it seems to be an issue with the server. Based on the docs, converting an anonymous user to a permanent account is a valid use case. Here is a simple example using the JS SDK using Vite to bundle and run the TS: // main.ts
import {initializeApp} from 'firebase/app';
import {
getAuth,
signInAnonymously,
linkWithCredential,
EmailAuthProvider
} from 'firebase/auth';
const firebaseConfig = {
apiKey: ...,
authDomain: ...,
projectId: ...,
storageBucket: ...,
messagingSenderId: ...,
appId: ...,
};
initializeApp(firebaseConfig)
const auth = getAuth();
async function anon() {
await signInAnonymously(auth);
}
async function link() {
const credential = EmailAuthProvider.credential('test@example.com', 'password');
await linkWithCredential(auth.currentUser!, credential);
}
document.getElementById('#anon-button')!.addEventListener('click', anon);
document.getElementById('#link-button')!.addEventListener('click', link); <!-- index.html -->
...
<button id="anon-button">Sign in Anonymously</button>
<button id="link-button">Link with Email</button>
<script src="main.ts" type="module"></script>
... After clicking on Uncaught (in promise) FirebaseError: Firebase: Please verify the new email before changing email. (auth/operation-not-allowed). The network request can also be inspected to see the response from the Firebase servers, which proves that this is an error on the servers itself: Response from
|
Thank you very much for your deepdive @exaby73 🙏 ! |
great work @exaby73 ! |
same issue here. @exaby73 ,what does that mean? Does it mean that google servers are down/hacked/insecure? |
@tomasbaran I can assure you that it's not any of those :) As far as I know, this was an unintentional bug with regards to a change that is actually improving security. Rest assured, the Firebase team is aware of this issue and will be fixed soon |
I raised an issue and got a response. This is known and being fixed on. The next release should fix this issue. This is caused by Email Enumeration Protection and can be disabled for your project. |
I've disabled "Email Enumeration Protection" for my project, but oath parameters are still missing in google-services.json |
It seems this issue has been resolved. Please don't hesitate to open a new issue if you encounter any further problems. We're here to help! |
Bug report
When I setup a Firebase Project and enable Anonymous and Email/Password Auth providers:
and I perform
FirebaseAuth.instance.signInAnonymously()
, it works:but when after that I perform:
it throws:
I would expect this action to be successful since the Anonymous provider is enabled.
On the other hand,
FirebaseAuth.instance.createUserWithEmailAndPassword(email: 'vincent+1@email.com', password: 'Flutter123!');
works.Steps to reproduce
Steps to reproduce the behavior:
Expected behavior
I would expect the method
FirebaseAuth.instance.currentUser?.linkWithCredential(credential);
to work when the Anonymous provider is enabled.Sample project
https://github.com/VincentJouanne/bug_anonymous_auth
Additional context
Here is my
google-services.json
:Flutter doctor
Run
flutter doctor
and paste the output below:Click To Expand
Flutter dependencies
Run
flutter pub deps -- --style=compact
and paste the output below:Click To Expand
The text was updated successfully, but these errors were encountered: