Manual:$wgRemoveCredentialsBlacklist

Details
List of AuthenticationRequest class names which are not removable through Special:RemoveCredentials and the removeauthenticationdata API.

This is only enforced on the client level; AuthManager itself (e.g. AuthManager::allowsAuthenticationDataChange calls) is not affected.

Class names are checked for exact match (not for subclasses).