Open brettwillis opened 9 months ago
Seconding this, my use case is an EdTech app that allows sign in from 3rd party identity providers including Google. We do not want anyone with a google account to be able to automatically added to our userbase, but we also want to give users the opportunity to login with a different method and link the credential that we don't already recognize to one that we do. The auth/admin-restricted-operation error type doesnt return the credential, so we either have to allow signups and manually manage purging users who aren't actually our users, or the user has to manually re-auth and link with the provider they first tried to auth as. Our primary users are elementary and middle schools so the simpler this process is for them the better, and having them re-auth with Clever/Google once they've logged in with another method doesn't feel like something we can ask of 3rd graders
Firebase SDK Version
10.7.2
Describe the problem
As per the lines below, the response auth credentials are already surfaced for
FEDERATED_USER_ID_ALREADY_LINKED
errors so that the credential can be linked in a following operation.https://github.com/firebase/firebase-js-sdk/blob/895d0cf981068cbfb74c40ac0e87b4e46096fdc1/packages/auth/src/api/index.ts#L191-L196
Now that there is a new setting to disable self-service user account creation, when a user signs in auth a federated provider when there is no existing account, then we get an
ADMIN_ONLY_OPERATION
error.In such a case, we may want to initiate account creation via our own (admin) backend, and thereupon link the credentials to our new account. However this is currently impossible because the credentials are not surfaced.
Let's get the user credentials response surfaced with the error for
ADMIN_ONLY_OPERATION
in the same way asFEDERATED_USER_ID_ALREADY_LINKED
?