User's trying to login with a saeon.ac.za, but via username/password can't login

[zachsa]

Hi Mark,

Amelia has previously logged into the Identity Server using the 'SAEON Staff' button. This morning she was trying to login via username/password with the same email and couldn't login.

Steps:

1. User logs in via Google
2. User logs out
3. User tries to create and account or sign in via password with the saeon.ac.za email address

Any ideas how to make this more pleasant for users?

[marksparkza]

It was a design choice to keep the password and Google login flows separate - otherwise things get complicated and not-so-obvious - e.g. allow the password field to be optional and detect a gmail address and trigger the Google flow from the login button... It doesn't make sense to capture the user's Google password, we can't forward that to Google and it would break the OAuth2 security model anyway.

If a @saeon.ac.za account was created using password signup first, then the user can log in via either method - maybe a little inconsistent but it doesn't cause any problems. However if the account was first created via Google, then it has no password.

So there are two options here:

1. Workaround: the user can click the forgotten password link, which will allow them to set a password and then log in using either method
2. I could pop up an error message saying something like "Please click the 'Log in via Google' button to log in as amelia@saeon.ac.za"

[zachsa]

Either or both sound good to me!