diff --git a/spec/RestCreate.spec.js b/spec/RestCreate.spec.js
index d07e18ed0e..7bf9d22b8d 100644
--- a/spec/RestCreate.spec.js
+++ b/spec/RestCreate.spec.js
@@ -146,7 +146,46 @@ describe('rest create', () => {
         done();
       });
   });
-  
+
+  it('handles anonymous user signup and upgrade to new user', (done) => {
+    var data1 = {
+      authData: {
+        anonymous: {
+          id: '00000000-0000-0000-0000-000000000001'
+        }
+      }
+    };
+
+    var updatedData = {
+      authData: { anonymous: null },
+      username: 'hello',
+      password: 'world'
+    }
+    var username1;
+    var objectId;
+    rest.create(config, auth.nobody(config), '_User', data1)
+      .then((r) => {
+        expect(typeof r.response.objectId).toEqual('string');
+        expect(typeof r.response.createdAt).toEqual('string');
+        expect(typeof r.response.sessionToken).toEqual('string');
+        objectId = r.response.objectId;
+        return auth.getAuthForSessionToken({config, sessionToken: r.response.sessionToken })
+      }).then((sessionAuth) => {
+        return rest.update(config, sessionAuth, '_User', objectId, updatedData);
+      }).then((r) => {
+        return Parse.User.logOut().then(() => {
+          return Parse.User.logIn('hello', 'world');
+        })
+      }).then((r) => {
+        expect(r.id).toEqual(objectId);
+        expect(r.get('username')).toEqual('hello');
+        done();
+      }).catch((err) => {
+        fail('should not fail')
+        done();
+      })
+  });
+
   it('handles no anonymous users config', (done) => {
      var NoAnnonConfig = Object.assign({}, config);
      NoAnnonConfig.authDataManager.setEnableAnonymousUsers(false);
diff --git a/src/RestWrite.js b/src/RestWrite.js
index c32a37073d..f00d852bc9 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -281,26 +281,26 @@ RestWrite.prototype.handleAuthData = function(authData) {
 
     this.storage['authProvider'] = Object.keys(authData).join(',');
 
-    if (results.length == 0) {
-      this.data.username = cryptoUtils.newToken();
-    } else if (!this.query) {
-      // Login with auth data
-      // Short circuit
-      delete results[0].password;
-      // need to set the objectId first otherwise location has trailing undefined
-      this.data.objectId = results[0].objectId;
-      this.response = {
-        response: results[0],
-        location: this.location()
-      };
-    } else if (this.query && this.query.objectId) {
-      // Trying to update auth data but users
-      // are different
-      if (results[0].objectId !== this.query.objectId) {
-        throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED,
-                            'this auth is already used');
+    if (results.length > 0) {
+      if (!this.query) {
+        // Login with auth data
+        // Short circuit
+        delete results[0].password;
+        // need to set the objectId first otherwise location has trailing undefined
+        this.data.objectId = results[0].objectId;
+        this.response = {
+          response: results[0],
+          location: this.location()
+        };
+      } else if (this.query && this.query.objectId) {
+        // Trying to update auth data but users
+        // are different
+        if (results[0].objectId !== this.query.objectId) {
+          throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED,
+                              'this auth is already used');
+        }
       }
-    }
+    } 
     return Promise.resolve();
   });
 }