Hi Dan,
I’ve looked at that and we’ll want to use it for some situations. However that doesn’t solve the situation where a user creates an account via social login and then a hacker creats a new username - password account with the same email and accesses their account. The other way round is fine and we can use account linking but we need to prevent the username - password account from being created if a social login already exists.
Hope that makes sense.