Bug: unlinking all oauth providers breaks users login #28
Comments
|
How does this happen? There is already a security to avoid the user to remove all providers 
|
GreenmeisterDavid
added a commit
to GreenmeisterDavid/gavarnie
that referenced
this issue
Oct 14, 2024
|
My bad, I forgot to add 'google' in the provider checks in my PR to add it, just committed a fix for it here; #27 . Maybe we can centralize providers somewhat more to make it easier to add/remove them? Closing this as its not relevant here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently when a user unlinks all oauth providers they cannot login anymore. This is expected, but if they try to login with a new/different provider that has the same email address, the user will get an error along the lines of 'an account already exists with this email, login to that one and link it this provider'. This blocks them from logging in and renders the existing account inaccessible.
I suggest adding a simple check, both frontend and backend, before removing a provider. If that provider is the users' only method of logging in (the only auth provider linked), display an error.
Shall I create a pull request for this or is another way of handling this preferred?
💚
The text was updated successfully, but these errors were encountered: