aethex-forge/docs/DISCORD-OAUTH-NO-AUTO-CREATE.md

Discord OAuth Login Fix - Account Auto-Creation Removed

Problem

When logging in via Discord OAuth with an email that doesn't match any existing AeThex account, the system was automatically creating a brand new account.

Example:

• You have an AeThex account: mrpiglr@gmail.com
• Your Discord email: someone@discord-email.com
• Before: Clicking "Continue with Discord" created a NEW account with someone@discord-email.com
• Result: You had two accounts and couldn't access your original account

Solution

Discord OAuth login now requires an exact email match. If the Discord email doesn't match an existing account:

1. User is redirected to /login with error message
2. Error message: "Discord email (xxx@example.com) not found. Please sign in with your email account first, then link Discord from settings."
3. User signs in with their email (e.g., mrpiglr@gmail.com)
4. User goes to Dashboard → Connections → Link Discord
5. Discord is now linked to the existing account

Changed Files

• code/api/discord/oauth/callback.ts: Removed auto-account-creation logic
  • No longer creates new auth users
  • No longer creates new user profiles
  • Only links Discord if email matches existing account
  • Redirects to login if no email match

New User Flow

Users with NO existing AeThex account:

1. Click "Continue with Discord" on /login
2. Authorize Discord
3. If Discord email matches an existing account → Linked + logged in ✅
4. If Discord email is NEW → Redirected to /login with error ⚠️
   • They must create account via Email/Password OR continue with GitHub/Google (if available)
   • Then they can link Discord from Dashboard

For You Specifically

Your situation:

1. ✅ You have AeThex account: mrpiglr@gmail.com
2. ✅ Your Discord email is different
3. New behavior: Clicking "Continue with Discord" now shows error
4. What to do:
   • Go to /login and sign in with mrpiglr@gmail.com password
   • Go to /dashboard?tab=connections
   • Click "Link Discord"
   • Authorize Discord
   • ✅ Discord is now linked to mrpiglr@gmail.com account

Testing

Test Case 1: Existing User, Matching Email

1. Create account with Discord email: person@example.com
2. Logout
3. Click "Continue with Discord"
4. Should login to existing account (not create new)
✅ Success: Only one account

Test Case 2: Existing User, Different Email

1. Create account: mrpiglr@gmail.com (email/password)
2. Discord email: something_else@example.com
3. Click "Continue with Discord"
4. Should see error: "Discord email not found"
5. Sign in with mrpiglr@gmail.com
6. Go to Dashboard → Link Discord
✅ Success: Discord linked to correct account

Test Case 3: New User, No Existing Account

1. Click "Continue with Discord" (no account exists)
2. Discord email: new_user@example.com
3. Should see error: "Discord email not found"
4. User must sign up with email/password or other OAuth first
✅ Success: No auto-created account with mismatched email

Why This Change?

• Prevents account duplication: No more accidentally creating second accounts
• User confusion prevented: Users see clear error message explaining what to do
• Email consistency: Each AeThex account now has one email, reducing support issues
• Better linking experience: Forces intentional linking, not accidental account creation

Rollback (if needed)

If this change causes issues, the old behavior can be restored by:

1. Uncommenting the account creation logic in code/api/discord/oauth/callback.ts
2. Using the isNewUser flag to redirect to onboarding for new accounts

However, this will re-introduce the original problem.