Just a question @services. I guess that login in from Facebook connection will merge correctly with an existing RB account (with only legacy username / password / email connection) ONLY IF the Facebook account main email is the exact same that the one used in the legacy login? Am I right?

It must be so since we can’t LINK social medias to our RB account from our profile settings.

This would mean that if the emails differ from your FB account and RB account, the user will get 2 profiles

It’s not as simple as that… there are two phases.

Auth0 will auto-merge the accounts if the email addresses match… (in the case of Aleman) it did that… however there some code on legacy that tries to update the matching id… which is now different because of the email address… so it updated it which it shouldn’t have and then next time they logged on, it sent a different identifier (the original) and it couldn’t find that in our db so created a new account…

I have been going through the code to see where all the branches are for this to see if I can clean it up, there just however is a lot of code that will try to overwrite things making this issue a little more complex.

It is on the priority list to clean up tho.

Ok but what happen when the emails don’t match?

Then it will create a new account. There is no way of successfully matching two accounts without any solid identifiers… email address generally is the best bet.

In the case of a new facebook account, once requested I can manually merge the two accounts together, but only if it’s gets raised and asked.

It’s also something I don’t know I want a user doing themselves unless they can provide proof/login details of the original account…

Why not work it this way?

If the Facebook connection doesn’t match the email to an existing email account, prompt the user to either login to his existing account (which would then merge the 2 connections) or create a new account (with the need to include an email, username and region), instead of auto-creating an account with a random username?

That’s an idea, requires a big rewrite of the authentication flow though. The random username only occurs if a username doesn’t come through from Auth0 and with social logins you generally don’t get a username.

I’ve got a whole document with how to refactor authentication. Currently we just don’t have the resources to enact it quick enough.

Why allow fb login in the first place?

It was trendy a ways back in time

Any connection autenticated through other like fb is bad.

A decision made before my time, I believe to make onboarding users a little more accessible.

TBH if you already have an account with a username/password then continue to use that…and everything should work as normal.