This repository has been archived by the owner on Aug 21, 2024. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't think this will be populated for users who logged in with any other Oauth, or if the email field is populated in multiple identity providers, how do we decide which one to use?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apple/Google/Github should all have an email after #10894. But it looks like Twitter/FB/Discord/LinkedIn were skipped since we're not using them on the platform right now, so that's still a concern. And deciding which one to use is a good point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Regarding deciding, what if we prefer magiclink identity-provider over SSOs. And if its missing, then use any SSO.
Or maybe in SSO we can give preference to google > apple > github?
Or is there any other way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the suggestion here then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey so, I have locally created 2 different users, one through the magic link process and another using github oauth social login, I've verified that either way, the user's "email" property is being populated, see screenshot:
Based on the fact that email address is always available in the email property, I believe that it's safe to use the email property as single source of truth.
Regarding deciding which email to pick, I don't see any difference between picking the first against prioritizing selections, either we are making an assumption which by nature can be right or wrong regardless.
Unfortunately asking the user isn't an option since that's exactly what we are trying to avoid here, so if we can't ask the user and there's no difference nor guarantees between different assumptions, IMO the right way to solve this is by having a "primary contact" kind of feature, like having a "Primary Shipping Address" in Amazon, "Primary Payment Card" in Uber and so on, that should be configured within a user's Profile and then using the primary user's selection when needed, like in this case.
That's the only way I see to fulfill the expectation, while maintaining the user's right to decide what's the personal preference.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jonathan-casarrubias in your example you used magic-link and github which were associated with same email address. But what if, for magic-link you used [email protected] while the github account that you used had [email protected] associated with it. In that case the email field would have different values and thats the inconsistency we are referring to. Hope it clears out the confusion.
I agree regarding your primary email address thing. For now we can go ahead with if there is any record with identity provider
type === 'email'(this is the case when magic-link was used). If this identity provider is there, then use the email from it. Otherwise use email from the random one.