Pattern for overriding OAuthAccountNotLinked

[michaelhays]

Question 💬

Hello, I read your FAQ about "why are accounts not linked automatically", and understand the rationale for not doing so. Thanks for that writeup, it explained a lot!

The writeup includes this line:

Examples of scenarios where this is secure include with ... a provider you explicitly trust to have verified the users email address.

I'd like to trust email_verified from Google, in order to do something like this in my signin callback:

callbacks: {
  async signIn({ user, account, profile }) {
    if (account.provider === 'google') {
      const existingAccount = ...

      if (existingAccount) {
        // Allow login by Google if the Google account is already connected to a User
        return true
      }

      const existingUser = ...

      if (existingUser) {
        // Allow login by Google if the Google email matches an existing User, and the
        // email is verified by Google
        return profile.email_verified
      }

      return false
    }
  },
},

However, this still throws the OAuthAccountNotLinked error, even when profile.email_verified is true. Is there any way to override this currently?

How to reproduce ☕️

N/A

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

[michaelhays]

FYI, I explained how I solved this problem (at least for my use case) in this comment: #230 (comment)