Enhancements to third party login

[rishabhpoddar]

(These will be done after release of thirdparty and thirdparty + emailpassword login)

• [x] https://github.com/supertokens/supertokens-core/issues/154#issuecomment-767323453
• [x] https://github.com/supertokens/supertokens-core/issues/154#issuecomment-768166913
• [ ] Handle OAuth 1.0 since some providers like Twitter use it.
• [ ] https://github.com/supertokens/supertokens-core/issues/182#issuecomment-790428359
• [ ] https://github.com/supertokens/supertokens-core/issues/182#issuecomment-824161301

[kant01ne]

one thing is that if you sign up with OAuth, but then forget that you did, but you know which address you used, and go to forgot password flow, you will not receive any emails. a good idea would be to send an email saying “there is no email/password but we found a Google account linked to this email address”

[rishabhpoddar]

If a user has already signed up previously with email X, and uses another method to sign in with the same email, we will remind them that they had an account already and to use that other method. Or they can continue and create a new account.

This would more or less solve the issue of users creating a new account by mistake, whilst maintaining app security.