bug: If a social login is missing the required email and that email is already registered, the accounts will not be linked.Β #8289
Description
Describe the bug
In my self-hosted Logto, I used a username and email address as registration identifiers. Then, I used a social connector that couldn't provide these two identifiers and enabled the feature requiring users to provide a valid registration identifier, as well as automatically linking accounts with the same identifier. When a user uses this social connector, they are asked to provide a username and email address for registration. The user enters an existing email address, sends a verification code, and after verification, it prompts that the account xxx@xx.com already exists and prompts them to continue logging in. At this point, there are two buttons: Cancel and Log In. Clicking Cancel requires re-verifying a new email address, while clicking Log In directly logs into the account with the added email address, without linking the social connector to that account.
Expected behavior
It can link this social connector to an account without needing to use an API.
How to reproduce?
- Configure a social connector that does not return an email.
- Enable the "Require users to provide a missing sign-up identifier" and "Automatically link accounts with the same identifier" features.
- Set both the username and email address as required unique registration identifiers.
- Ensure that a user account with the email address
test@example.comexists. - Try logging in using the newly added connector.
- When prompted for a missing email address, enter
test@example.comand complete the verification. - Observe the prompts and confirm that clicking the login button does not link the used social connector.
Environment
Self-hosted (Docker image)
Screenshots
