Account linking

[rishabhpoddar]

Summary of change

(A few sentences about this PR)

Related issues

• Link to issue1 here
• Link to issue1 here

Checklist

• [ ] Algolia search needs to be updated? (If there is a new sub docs project, then yes)
• [ ] Sitemap needs to be updated? (If there is a new sub docs project, then yes)
• [ ] Checked for broken links? (Run cd v2 && MODE=production npx docusaurus build)
• [ ] Changes required to the demo apps corresponding to the docs?

Remaining TODOs for this PR

• [x] post sign up callback should have the right condition for when it's sign up vs sign in
• [ ] update email function calls should handle the status for not possible:
  • [x] node
  • [ ] python
  • [ ] golang
• [ ] email verification email sending sends the recipe user id and not the primary user id. We need to mention that.
• [ ] password reset emails can be sent to primary user id or recipe user id - this needs to be clarified.
• [ ] Need to document that isEmailChangedAllowed should be called before calling updateEmailOrPassword if account linking is enabled + that when checking if email is verified in the change email API, we should check across all recipe users that are linked to the session's userID.
  • [x] node
  • [ ] python
  • [ ] golang

    There exists no primary user with the same email or phone number as the new user,
         * but there exists other recipe users with the same email or phone number, and at least
         * one of these recipe users have their info as unverified. See the comments in
         * isSignUpAllowed for more info on why we prevented this. But we allow it here cause
         * if we didn't and forced the user to verify the other recipe user, it may end
         * up that that user becomes a primary user, in which case, linking to the existing
         * session's account will not be possible.

• [ ] Mention in the docs that account linking with passwordless magic link is not dangerous in our impl cause the user is logged into the other browser (in which they clicked the link)
• [ ] add docs warning for "If email verification is in optional mode, and the user does some activity and then verifies their email, it would result in the user ID changing."
• [x] Error codes that require contacting support should have error codes associated with them to make it easier for devs integrating with SuperTokens to debug the errors. This also means that we need to maintain a doc explaining the error codes
• [x] Explain concept of recipeUserID vs primaryUserId vs isPerimaryUser
• [x] Explain conditions in which accounts can be linked automatically,.
• [x] Check docs for deduplication
• [ ] Confirm that the notice on top of the user object docs about node sdk >= 16.0 is correct.
• [x] frontend sdk code snippets
• [x] web-js SDK snippet change to account for new status codes
• [x] auth-react UI to show about new status codes
• [x] mobile code snippets response to account for new status codes.
• [x] adding caution to automatic account linking docs to say that you should return true for shouldAutomaticallyLink only if there is no existing data for the user in the db. The user ID can be fetched from the first param of the function
• [x] session object also has getRecipeUserId
• [ ] associateUserToTenant for golang and python must take into account ASSOCIATION_NOT_ALLOWED_ERROR
• [x] disassociateUserFromTenant for golang and python must take into account DISASSOCIATION_NOT_ALLOWED_ERROR -> THIS MAY GO AWAY.. (IN NODE)
• [x] add error code for email password sign in / up in automatic account linking as well.
• [ ] in backend skd changelog, mention:
  • [ ] that the way to check if a user has signed up has changed
  • [ ] the way to update email post sign in has changed
• [ ] migration guide - mention about account linking operation in there.

[netlify[bot]]

❌ Deploy Preview for admiring-bhabha-7b1be9 failed.

Name	Link
🔨 Latest commit	135b13f88087c82bcdc18519b45e49fa3595a02e
🔍 Latest deploy log	https://app.netlify.com/sites/admiring-bhabha-7b1be9/deploys/650c5ae909e4610007cf942b