firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup

FR: Surface auth credentials in `auth/admin-restricted-operation` error #7979

Open brettwillis opened 9 months ago

brettwillis commented 9 months ago

Firebase SDK Version

10.7.2

Describe the problem

As per the lines below, the response auth credentials are already surfaced for FEDERATED_USER_ID_ALREADY_LINKED errors so that the credential can be linked in a following operation.

https://github.com/firebase/firebase-js-sdk/blob/895d0cf981068cbfb74c40ac0e87b4e46096fdc1/packages/auth/src/api/index.ts#L191-L196

Now that there is a new setting to disable self-service user account creation, when a user signs in with a federated provider when there is no existing account, then we get an ADMIN_ONLY_OPERATION error.

In such a case, we may want to initiate account creation via our own (admin) backend, and thereupon link the credentials to our new account. However, this is currently impossible because the credentials are not surfaced.

Let's get the user credentials response surfaced with the error for ADMIN_ONLY_OPERATION in the same way as FEDERATED_USER_ID_ALREADY_LINKED?

ajoy39 commented 3 months ago

Seconding this, my use case is an EdTech app that allows sign in from 3rd party identity providers including Google. We do not want anyone with a Google account to be able to be automatically added to our userbase, but we also want to give users the opportunity to log in with a different method and link the credential that we don't already recognize to one that we do. The `auth/admin-restricted-operation` error type doesn't return the credential, so we either have to allow signups and manually manage purging users who aren't actually our users, or the user has to manually re-auth and link with the provider they first tried to auth as. Our primary users are elementary and middle schools, so the simpler this process is for them the better, and having them re-auth with Clever/Google once they've logged in with another method doesn't feel like something we can ask of 3rd graders.