From 2340b6f9c5d47c221cadd1966698efb257ef50ed Mon Sep 17 00:00:00 2001 From: "Builder.io" Date: Mon, 10 Nov 2025 22:19:25 +0000 Subject: [PATCH] Discord OAuth Login Fix - No More Account Auto-Creation cgen-8d4327300cf14effabebf3e6d3763e8e --- docs/DISCORD-OAUTH-NO-AUTO-CREATE.md | 90 ++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 docs/DISCORD-OAUTH-NO-AUTO-CREATE.md diff --git a/docs/DISCORD-OAUTH-NO-AUTO-CREATE.md b/docs/DISCORD-OAUTH-NO-AUTO-CREATE.md new file mode 100644 index 00000000..06dc27e6 --- /dev/null +++ b/docs/DISCORD-OAUTH-NO-AUTO-CREATE.md 
@@ -0,0 +1,90 @@ +# Discord OAuth Login Fix - Account Auto-Creation Removed + +## Problem +When logging in via Discord OAuth with an email that doesn't match any existing AeThex account, the system was automatically creating a brand new account. + +**Example**: +- You have an AeThex account: `mrpiglr@gmail.com` +- Your Discord email: `someone@discord-email.com` +- **Before**: Clicking "Continue with Discord" created a NEW account with `someone@discord-email.com` +- **Result**: You had two accounts and couldn't access your original account + +## Solution +Discord OAuth login now requires an exact email match. If the Discord email doesn't match an existing account: +1. User is redirected to `/login` with error message +2. Error message: "Discord email (xxx@example.com) not found. Please sign in with your email account first, then link Discord from settings." +3. User signs in with their email (e.g., `mrpiglr@gmail.com`) +4. User goes to Dashboard → Connections → Link Discord +5. Discord is now linked to the existing account + +## Changed Files +- `code/api/discord/oauth/callback.ts`: Removed auto-account-creation logic + - No longer creates new auth users + - No longer creates new user profiles + - Only links Discord if email matches existing account + - Redirects to login if no email match + +## New User Flow +Users with NO existing AeThex account: +1. Click "Continue with Discord" on `/login` +2. Authorize Discord +3. If Discord email matches an existing account → Linked + logged in ✅ +4. If Discord email is NEW → Redirected to `/login` with error ⚠️ + - They must create account via Email/Password OR continue with GitHub/Google (if available) + - Then they can link Discord from Dashboard + +## For You Specifically +Your situation: +1. ✅ You have AeThex account: `mrpiglr@gmail.com` +2. ✅ Your Discord email is different +3. **New behavior**: Clicking "Continue with Discord" now shows error +4. 
**What to do**: + - Go to `/login` and sign in with `mrpiglr@gmail.com` password + - Go to `/dashboard?tab=connections` + - Click "Link Discord" + - Authorize Discord + - ✅ Discord is now linked to `mrpiglr@gmail.com` account + +## Testing + +### Test Case 1: Existing User, Matching Email +``` +1. Create account with Discord email: person@example.com +2. Logout +3. Click "Continue with Discord" +4. Should login to existing account (not create new) +✅ Success: Only one account +``` + +### Test Case 2: Existing User, Different Email +``` +1. Create account: mrpiglr@gmail.com (email/password) +2. Discord email: something_else@example.com +3. Click "Continue with Discord" +4. Should see error: "Discord email not found" +5. Sign in with mrpiglr@gmail.com +6. Go to Dashboard → Link Discord +✅ Success: Discord linked to correct account +``` + +### Test Case 3: New User, No Existing Account +``` +1. Click "Continue with Discord" (no account exists) +2. Discord email: new_user@example.com +3. Should see error: "Discord email not found" +4. User must sign up with email/password or other OAuth first +✅ Success: No auto-created account with mismatched email +``` + +## Why This Change? +- **Prevents account duplication**: No more accidentally creating second accounts +- **User confusion prevented**: Users see clear error message explaining what to do +- **Email consistency**: Each AeThex account now has one email, reducing support issues +- **Better linking experience**: Forces intentional linking, not accidental account creation + +## Rollback (if needed) +If this change causes issues, the old behavior can be restored by: +1. Uncommenting the account creation logic in `code/api/discord/oauth/callback.ts` +2. Using the `isNewUser` flag to redirect to onboarding for new accounts + +However, this will re-introduce the original problem.
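Review bot: The Solution and Changed Files sections make the Discord-reported email the only condition for linking and login ("requires an exact email match", "Only links Discord if email matches existing account"), and nothing in the doc says that email must be verified on the Discord side. A match on an unverified address would grant access to the existing account. Please state here that the callback rejects the login unless Discord's `verified` flag on the user object is true, and add a test case for "matching email, not verified" that expects the same redirect to `/login`.

Smaller points in the same hunk: the Solution text shows the error as "Discord email (xxx@example.com) not found. ..." while Test Cases 2 and 3 expect "Discord email not found"; pick one, preferably the form that does not echo the address back, since the message confirms whether an account exists for it. "New User Flow" is headed "Users with NO existing AeThex account", yet its step 3 covers a match against an existing account. The "For You Specifically" section and the address `mrpiglr@gmail.com` are written to one person; repository docs should use a placeholder such as `user@example.com`. Changed Files says the creation logic was "Removed" while Rollback says "Uncommenting"; say which it is. The diffstat shows only this doc file changed, so the `code/api/discord/oauth/callback.ts` behaviour described here cannot be checked against this patch.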