adamwathan
commented
8 years ago Hey @waterloomatt, you can provide custom matching logic now, so if you really wanted match users up based on email you could.
The closure passed to login will now use whatever is returned as the matched User, or fallback to the built in matching functionality if nothing is returned.
Example here: https://github.com/adamwathan/eloquent-oauth-l5/issues/10#issuecomment-172864961
I would warn to be very careful matching users based on email, because there's nothing stopping me from signing up for a GitHub account with your email, then logging into your app and gaining access to your account if you had already created an account with the same email. Most of these OAuth providers don't require email verification before being able to access their API.
waterloomatt
I know this topic is complicated and might not be covered by this package but I was wondering if there's documentation about merging accounts.
My application has a traditional email/password log in/registration form and also uses eloquent-oauth (Google provider). If a user registers with the traditional form a user record is created with a unique key on email. Then, if the same user tries to log in or register using eloquent-oauth's Google provider the DB constraint fails while creating the associated user account because the email address is already present.
How are you (or anyone) handling this use case?