Closed louischan-oursky closed 2 months ago
Per offline discussion, we will do nothing special in Step 6. Since account linking allows create_new_account (https://github.com/authgear/authgear-server/blob/main/docs/specs/account-linking.md#linking-actions), it is possible for more than 1 account to share the same phone_number / email / preferred_username.
Once https://github.com/authgear/authgear-server/issues/4516 is fixed, we will have this problem.
1. {"sub": "UserA", "phone_number": "+85251000001"}. This is UserA.
2. "+85251000001". With account linking, UserA now has an OAuth identity and a phone number Login ID.
3. {"sub": "UserB", "phone_number": "+85251000002"}. This is UserB.
4. "+85251000002". With account linking, UserB now has an OAuth identity and a phone number Login ID.
5. "+85251000002".
6. {"sub": "UserA", "phone_number": "+85251000002"}.

How should we handle Step 6?
"+85251000002" is now shared by two accounts. The implication is that when someone signs up with another OAuth provider with "+85251000002", thus triggering account linking, there are options to link UserA (OAuth phone number "+85251000002") and link UserB (Login ID phone number "+85251000002").
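
The ambiguity described in this issue, as an added example that is not Authgear's code or schema: a lookup of link candidates by phone number that refuses to pick a target when more than one account matches. The Identity type, the function names and the AfterStep6 sample state are assumptions constructed from the steps above.

```go
package main

import (
	"errors"
	"fmt"
)

// Identity is a simplified, hypothetical model (not Authgear's schema).
type Identity struct {
	UserID string
	Kind   string // "oauth" or "login_id"
	Phone  string // phone_number claim, or phone number Login ID value
}

var ErrAmbiguous = errors.New("phone number matches more than one account")

// AfterStep6 is constructed sample state: UserA's OAuth claim now carries UserB's number.
var AfterStep6 = []Identity{
	{"UserA", "oauth", "+85251000002"},
	{"UserA", "login_id", "+85251000001"},
	{"UserB", "oauth", "+85251000002"},
	{"UserB", "login_id", "+85251000002"},
}

// LinkCandidates returns the distinct users that own an identity with this phone.
func LinkCandidates(ids []Identity, phone string) []string {
	seen := map[string]bool{}
	var users []string
	for _, id := range ids {
		if id.Phone == phone && !seen[id.UserID] {
			seen[id.UserID] = true
			users = append(users, id.UserID)
		}
	}
	return users
}

// ResolveLink never silently picks the first match when the phone is shared.
func ResolveLink(ids []Identity, phone string) (string, error) {
	c := LinkCandidates(ids, phone)
	if len(c) > 1 {
		return "", fmt.Errorf("%w: %v", ErrAmbiguous, c)
	}
	if len(c) == 1 {
		return c[0], nil
	}
	return "", nil // no match: ordinary signup, nothing to link
}

func main() { fmt.Println(ResolveLink(AfterStep6, "+85251000002")) }
```

Any caller that assumes a phone number, email or preferred_username maps to exactly one account has to handle the error branch, for example by presenting the linking options to the user.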