This repository was archived by the owner on Oct 29, 2022. It is now read-only.
This repository was archived by the owner on Oct 29, 2022. It is now read-only.
OAuth account email merging #216
Description
In a situation where an OAuth provider revokes your client id, all users using that SSO will be locked out- for example, if Twitch bans the application's client id. Currently if you sign up using Twitch OAuth then try to sign in using the same email through Google OAuth you will be prompted to make a new username. Multiple OAuths manually entered through /profile/authentication works properly.
Some considerations:
- Twitch returns a user entered case-sensitive email
- Google returns a lowercase email and supports wildcard addresses (like something+another@gmail.com)that other providers may return
- Users may now already have duplicated accounts that needs to be resolved.