We currently follow two flows when linking accounts and are currently using the account-linking extension. Both are successful in the account linking itself, but currently one of these flows does not authenticate the user after the account linking.
We use google authentication and username/password authentication to login users.
The two flows are as follows:
1.) Username/Password login > user gets logged in > logout > Google authentication > account linking prompt > verify with username/password login > account gets linked > user gets logged in
2.) Google authentication > user gets logged in > logout > username/password authentication > account linking prompt > verify with google authentication > account gets linked > login fails
In the second flow, after the callback, when the user gets redirected back to the main app, the user is met with an error stating that user authentication has failed. Upon checking the network logs, it would seem that after the account is verified, account-linking succeeds and resumes authorization, but a token was not returned for the user to authenticate, whereas in the first flow, does return a token.
The question being: Can user account-linking verification via social login return an authentication token? If so, how could it be implemented?
For additional context, I’ve prepared some additional screenshots of the situation.
Callback via the successful login flow after account linking:
As you can see here, a token was returned.
Now for the flow via the unsuccessful login after account linking:
In this flow, no token was returned.
And lastly, this is what the flow looks like from the account linking page to the dashboard of our application via the second flow. As said earlier, the account linking is successful. We just lack the token needed to login the user, hence the authentication error shown here.