The "auth/operation-not-allowed" error occurs when a sign-in provider is disabled in your Firebase project. Enable the required authentication method in the Firebase console Sign-in Method tab to resolve this issue.
The auth/operation-not-allowed error indicates that the authentication provider you are trying to use has not been enabled in your Firebase project configuration. Firebase requires you to explicitly enable each sign-in method (Email/Password, Google, Anonymous, Phone, etc.) before your application can use it. When disabled, any attempt to authenticate users through that provider will fail with this error code. This is a security measure designed to prevent unauthorized authentication methods and ensure that your project only uses approved sign-in providers. The error acts as a gate between your application code and Firebase's authentication service.
Navigate to https://console.firebase.google.com and click on your project from the dashboard.In the left sidebar, locate and click on "Authentication" under the "Build" section. If you don't see it, expand the "Build" menu.
At the top of the Authentication page, click on the "Sign-in method" tab. You will see a list of all available authentication providers.
Find the authentication provider you need (Email/Password, Google, Anonymous, Phone, etc.) in the list. Click on it to expand the settings, then toggle the "Enable" switch to ON. Click "Save" to apply the changes.
After saving, the provider should show a blue checkmark and "Enabled" status. If you changed multiple providers, enable each one you need for your application.
Deploy or reload your application and test the authentication method that previously failed. The error should no longer occur. For example, if fixing email/password auth:
const auth = getAuth();
try {
const userCredential = await createUserWithEmailAndPassword(auth, email, password);
console.log("User created successfully");
} catch (error) {
console.log("Error code:", error.code); // Should no longer be "auth/operation-not-allowed"
}For phone authentication specifically, also check the SMS region restrictions under Authentication > Settings tab. You may need to "Start with Allow" if you want to allow SMS in all regions or select specific regions.
If using email linking (linkWithCredential) and the error persists after enabling Email/Password, verify that both authentication methods exist under the same email address account. Users initially created with one provider cannot be linked with a conflicting provider.
Note: The updateEmail() method may throw "auth/operation-not-allowed" when Email Enumeration Protection is enabled. This method is now deprecated - use verifyBeforeUpdateEmail() instead.
For anonymous users attempting to link with an email provider, ensure both Anonymous and Email/Password are enabled. The linking process requires both providers to be active.
messaging/UNSPECIFIED_ERROR: No additional information available
How to fix "messaging/UNSPECIFIED_ERROR: No additional information available" in Firebase Cloud Messaging
App Check: reCAPTCHA Score Too Low
App Check reCAPTCHA Score Too Low
storage/invalid-url: Invalid URL format for Cloud Storage reference
How to fix invalid URL format in Firebase Cloud Storage
auth/missing-uid: User ID identifier required
How to fix "auth/missing-uid: User ID identifier required" in Firebase
auth/invalid-argument: Invalid parameter passed to method
How to fix "auth/invalid-argument: Invalid parameter passed to method" in Firebase