What would be recommended way to support linking local account to existing social account?
Scenario:
- User has previously signed up with social account (Google/Facebook etc.) -
[email protected] - User signs up with local account with
[email protected]email address. - User should be able to sign up either using his previously configured social account or local account via email/password.
I've seen some samples on GitHub and discussions here on StackOverflow about scenario where during social signup, local identity is created with social email address set as signInNames.emailAddress and GUID as a temporary password.
Then later on user can reset his password or we can tweak local account sign up policy to overwrite temporary GUID password with new one when user signs up with local account.
Another scenario that comes to my mind would be obviously to not create local identity upfront. Then, when user tries to sign up using local account, we could check whether e-mail address he provided during local account sign up is already associated with any social accounts (is this possible? I didn't find a way to read account by email from alternativeSecurityIds/userIdentites attribute. Maybe otherMails attribute could be used to read account by email, however I'm not sure if otherMails should/can be used to unambiguously identify account). If so, we could merge local identity into existing social account.
Is second approach even possible to achieve? Or should I stick to the first one which is already used in some samples on GitHub?
I use this one.
Create the local account first, then users can link to their social accounts (but they have to authenticate with each one to prove they own it).