You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Users currently have the option to sign in via Discord or GitHub; plausibly, we will add the option to make a local account with a username and password later. This leads to the unfortunate problem that a user could log in once through one option and then later through another, potentially struggling to find their profile as a result. Things could be done to mitigate this:
When a user logs in, store the method they used in their browser, and then add a little notice to the button for that login method when they visit the login page in the future. This will only work if they're using the same browser and haven't cleared their user data in it.
If a user signs in to a new account that uses the same email that was present in an already existing account, tell them that, and then give them the link to sign in via that method. For example, when someone logs in through Discord, the site already stores the email they use for Discord in their user data, so if it sees an account being created through GitHub that uses the same email we could ask the user if they're sure they want to do this first and/or put a link on the profile that they can click to try to use the login method associated with their other account.
We could ask them to tell us about their other accounts; for example, after someone signs in through GitHub, there could be a button on their profile page that says "link your Discord account" that would send them to the Discord login page and then just add the Discord data to their existing account, so that in the future, logging in through Discord *or* GitHub would bring up the same user data on our site. This would require adding extra fields to the User objects in the database, and it would make figuring out whether an account is staff or admin harder; currently, whether a user should have the admin role is updated whenever they log in, but in this system, someone could link their GitHub account to gain the admin role and then always log in through Discord thereafter, so they could never lose their admin account. This is possibly a bit paranoid
The text was updated successfully, but these errors were encountered:
Users currently have the option to sign in via Discord or GitHub; plausibly, we will add the option to make a local account with a username and password later. This leads to the unfortunate problem that a user could log in once through one option and then later through another, potentially struggling to find their profile as a result. Things could be done to mitigate this:
The text was updated successfully, but these errors were encountered: