Skip to content

Fix OAuth account_email not being updated on re-authentication #8831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pieterbeulque wants to merge 2 commits into from
Closed

Fix OAuth account_email not being updated on re-authentication #8831

pieterbeulque wants to merge 2 commits into from
+52 −14

Conversation

@pieterbeulque
Copy link
Contributor

@pieterbeulque pieterbeulque commented Jan 9, 2026

When a user re-authenticates with an OAuth provider (Google, Apple, GitHub)
after changing their email on that provider, the account_email field was not
being updated - only account_username was updated. This caused a mismatch
where users logging in with one email would be linked to an account with a
different email in our database.

The fix ensures account_email is always updated alongside account_username
when updating existing OAuth accounts in both get_updated_or_create() and
link_user() methods for all three providers.

claude added 2 commits January 9, 2026 11:14
@claude
Fix OAuth account_email not being updated on re-authentication
8235f9c 
When a user re-authenticates with an OAuth provider (Google, Apple, GitHub)
after changing their email on that provider, the account_email field was not
being updated - only account_username was updated. This caused a mismatch
where users logging in with one email would be linked to an account with a
different email in our database.

The fix ensures account_email is always updated alongside account_username
when updating existing OAuth accounts in both get_updated_or_create() and
link_user() methods for all three providers.
@claude
Add explicit OAuth intent to prevent accidental account linking
ebf16bc 
Previously, when a logged-in user clicked "Login with Google/GitHub/Apple",
the OAuth flow would store their user_id in state, causing the callback to
call link_user() instead of get_updated_or_create(). This could link a
different OAuth account to the existing user instead of logging them into
the correct account.

This change adds an explicit `intent` query parameter to the OAuth authorize
endpoints:
- `intent=login` (default): Always uses get_updated_or_create() for login/signup
- `intent=link`: Uses link_user() to connect an OAuth account to current user

The frontend now passes `intent=link` only from the Authentication Settings
page where users explicitly want to connect an OAuth account.
@vercel
Copy link

vercel bot commented Jan 9, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Review Updated (UTC)
polar Ignored Ignored Jan 9, 2026 11:57am
polar-sandbox Ignored Ignored Jan 9, 2026 11:57am

@github-actions
Copy link
Contributor

github-actions bot commented Jan 9, 2026

📦 Next.js Bundle Analysis for web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@frankie567
Copy link
Member

frankie567 commented Jan 12, 2026

Superseded by #8880

@frankie567 frankie567 closed this Jan 12, 2026
@pieterbeulque pieterbeulque deleted the claude/fix-google-login-mismatch-wBbOO branch January 13, 2026 07:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pieterbeulque @frankie567 @claude