Form validation when user tries to use social logins with emails that already exist

Currently, if I sign up a user with Google and use that same Gmail address to sign up with email and password there is no validation done to make sure that the email is not already in use.

I can use a pre-registration to check but that only works in one direction because the hooks only fire with email/password logins but not with social logins.

Also, I cant use a rule because those run after users are already authenticated.

So what can I do? How do other people deal with this or do they just allow multiple accounts with the same email addresses. I don’t find that allowing this would be good practice.

Hi @mcodes,

Account linking is usually the suggested solution for this scenario. This allows users to log in with any identity provider (social, database, etc) and links all of the accounts.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.