Unify login
#1001
Replies: 1 comment
-
|
Default behavior for some large sites currently do not do unification of accounts:
They do this because it is security risk. If a hijacker was to use my email address to sign up for an account where I already had signed up via google, with automatic account unification, they could get access. But is definitely possible. We will need to enforce email verification for all accounts (regardless of signup method), and implement some custom logic with auth0 to connect accounts. (they do not offer account unification as a service). |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
A user was confused because they first logged in via the "Sign in with Google" option and then later tried to log in via the username/password flow. An improvement would be that if their email already exists, then link the two to the same account
Beta Was this translation helpful? Give feedback.
All reactions