@supermathie now that we’re migrating all the auth providers to use the same logic, this logic will need to be refactored / removed.
A lot has changed in the authentication system since 2017. The main thing is that users can connect/disconnect accounts whenever they want.
As I understand it, this change was added to protect against:
-
User connects google account 00001, with email user@example.com, to their discourse account
-
User tries to log into discourse using google account 00002, with email user@example.com
-
Error is shown, must be resolved on the console
Under the new “ManagedAuthenticator”, this would happen:
-
User connects google account 00001, with email user@example.com, to their discourse account
-
User tries to log into discourse using google account 00002, with email user@example.com
-
User logged in, reference to 00001 is scrubbed and replaced with 00002
I believe this is also the same method we follow with core Discourse SSO.
This seems fine to me. If a user is in control of a google account with a matching email address, then we should trust them. Was there a specific attack vector you were trying to protect against with this error message, or can we go ahead and make it match the other authenticators?