I’m looking to add social auth, Gmail, etc. to my portal. I’d appreciate advice on best practices when a user tries to use both because they don’t remember which auth method they used.
-
An account created via Google has no password. Can that account later set a password through the password-reset (set-new-password link) flow and then use email/password login — or is a password blocked on social-origin accounts?
-
If an account is limited to a social login, do I alert the user if they try to login with a password?
-
What happens if a user row exists for an email address, and then they try to login using the same email address via social login?
Thanks,
Tim
