Unexpected `auth/operation-not-allowed` Error When Linking Anonymous Account with Email in Firebase

Question

I'm encountering an unexpected issue when attempting to link an anonymous user with an email/password credential in Firebase. Relevant firebase auth doc

The following code snippet demonstrates the function I'm using to perform the linking:

export function linkAnonWithEmail(email, password) {
  const credential = firebase.auth.EmailAuthProvider.credential(email, password);
  auth.currentUser
    .linkWithCredential(credential)
    .then((result) => {
      // Handle successful linking
    })
    .catch((error) => {
      const errorCode = error.code;
      if (errorCode === 'auth/operation-not-allowed') {
        // This error is being triggered
      }
      // Handle other errors
    });
}

When this function is executed, I get the auth/operation-not-allowed error with the message "Please verify the new email before changing email." This behavior is unexpected, as:

• The Email/Password sign-in provider is enabled in my Firebase project.

• I haven't enforced email verification at this stage of the authentication flow.

• My current firebase version is 9.22.1 but I tried upgrading to the latest as well as downgrading versions and it didn't help.

• This issue was not present 3-4 months ago when I implemented this function and no relevant changes were made to the code or configuration.

• The exact same flow will work out without any issues if I link with googlesignin provider instead of emailauthprovider

Has anyone else encountered this specific error, or does anyone have insights into why this might be happening? Any help or guidance would be greatly appreciated.

Answer 1

I send an email to Firebase support, it seems there is protection activated by default since September 15, as you can see here.

You have here the process to disable this protection.