cc: @kylecarbs

@sreya don't we link based on ID?

Yeah we should be.

We should also automatically update the email and username for GitHub and OIDC accounts, as requested in #10516.

When a user configures an IdP or OIDC for the source of truth of usernames and emails, they will probably not use these fields in naming resources in the templates.

We can help by putting a warning in the docs on configuring OIDC/GitHub OAuth on not using these fields as part of resource names.

I have seen this behavior in Artifactory, where username and email always sync with the IDP.

I actually cannot reproduce this 🤔

@matifali can you reproduce this? I cannot and maybe it has been fixed and we can close?

@Emyrk I changed my GitHub primary email to my Coder email address and I can't log in anymore as I already havy an google OIDC account. Ideal should be to merge both accounts in this case.

If I change my primary email to some other email address Coder created. Anew account for me again.

@Emyrk I changed my GitHub primary email to my Coder email address and I can't log in anymore as I already havy an google OIDC account. Ideal should be to merge both accounts in this case.

Yup this is actually intentional. Merging accounts can be done similar to how we do "Convert to OIDC" from password auth.

We cannot automatically merge them. We would need the user to authenticate via both oauth methods, then click merge from both sides (whatever that looks like).

So this behavior is currently intentional.

@ben, @stirby can you try to reproduce this too? I can consistently reproduce.

Attempt to reproduce

When I change my primary github email from garrett@delfosse.dev to garrett@coder.com I get the following conflict error.

{"message":"Failed to process OAuth login.","detail":"in tx: execute transaction: update user profile: pq: duplicate key value violates unique constraint \"idx_users_email\""}

This makes sense, since I have a gmail login with garrett@coder.com already and that's a separate coder account.

When I change the primary email to delfossegarrett@gmail.com which should not have a conflict I am logged into my existing account (formerly garrett@delfosse.dev) correctly.

So I'd say I also cannot reproduce the same behavior Atif is seeing. I did not touch anything regarding my "public email" in this experiment, thought it was worth mentioning.

I experienced the exact same behavior as @f0ssel, unable to reproduce the other issue.

I wonder if something is different about @matifali's account 🤔

He is able to reproduce it on his own deployment too

@Emyrk and I figured out how to reproduce this. You need to delete your account once.