My question is almost the same as this one
the only difference is that users have the opportunity to register (provides their username and password). Users should have only one account, if the user has the same email address, I combined these accounts. and my application has a different registration method, which is through Facebook.
What I basically do is
- When a user first visits the for site, he or she then creates a user account in which she only has a username, password and mailing address after creating a third-party identification account and then paired with a local account. However, if the Users table has an empty username and password, but the letter is filled in with the users email that we received from a third party service provider
And the second scenario
- Users are trying to register on the site. check if the email exists, if the email exists, but it is registered using a third-party account, use the form filled in by the user and paste it into the user account paired with the third-party account, in short, if the user email is in the database just combine the locally created account and the third party account.
Now my question is - is my approach safe and trustworthy? if not the best way to combine accounts and at the same time, if a user logs in with the same email address (one that is on a third party) and he has a third-party account, will this account merge?