How does social auth co-exist with email/pass auth?

I’m looking to add social auth, Gmail, etc. to my portal. I’d appreciate advice on best practices when a user tries to use both because they don’t remember which auth method they used.

  • An account created via Google has no password. Can that account later set a password through the password-reset (set-new-password link) flow and then use email/password login — or is a password blocked on social-origin accounts?

  • If an account is limited to a social login, do I alert the user if they try to login with a password?

  • What happens if a user row exists for an email address, and then they try to login using the same email address via social login?

Thanks,
Tim

Hello @Tim_Jones

  1. An account created via Google can later set a password through the password-reset flow and use standard email/password login.

  2. Backendless does not return a specific error code or message indicating that the account requires a social login. You can implement this behavior by creating Before login event handler, and there check if user roles contains SocialUser role

  3. Backendless automatically merges the account by linking the new social provider identity to the existing user row.

Regards,
Sergii