We should split the current version of AccountAuthType into a new, smaller version of AccountAuthType and a new object to represent account identifiers. This will fully decouple account identifiers from credentials like passwords and passkeys. Credential verification should be replaced by account identifier verification, and a database migration will need to occur to make sure accounts and credentials match new data models.
Acceptance Criteria
[x] add stateful userless login session collection (used to store passkey challenges)
[x] maintain list of auth types - password (only one allowed), passkeys (multiple allowed, each associated with an identifier), external auth types
[x] add list of identifiers - multiple emails allowed, multiple phones allowed, only one username allowed
[x] add identifiers for profile email and phone and account username and remove these three fields
[x] database migration (split account.auth_types into account.auth_types and account.identifiers, remove auth types that are actually identifiers and insert new auth types, update auth type codes and IDs in other collections)
Description
We should split the current version of
AccountAuthTypeinto a new, smaller version ofAccountAuthTypeand a new object to represent account identifiers. This will fully decouple account identifiers from credentials like passwords and passkeys. Credential verification should be replaced by account identifier verification, and a database migration will need to occur to make sure accounts and credentials match new data models.Acceptance Criteria
account.auth_typesintoaccount.auth_typesandaccount.identifiers, remove auth types that are actually identifiers and insert new auth types, update auth type codes and IDs in other collections)