Google OAuth improvements

If I understand this correctly, Google OAuth signup creates id, name, email in google_oauth. This id does not change after it's been created, and it acts as an identifier between Google and a specific user in Xano.

The problem with the current setup in Xano comes into play if your user already exists (e.g. password, magic link etc.) and they click on "Continue with Google". The current API setup checks if google_oauth has an id, which it doesn't, so it tries to create a new user. Xano won't allow this since the email already exists in the table (throws a duplicate entries error).

I've adjusted my stack to check for google_oauth.id, followed by an email check. Only if both are null does it continue to creating a new entry in the users table; otherwise it just updates google_oauth on the existing user.

I believe this should be the default behaviour, since this allows previous magic link/password users to continue with Google later on. But I would love to hear your thoughts and potential drawbacks/security implications, if any.

Comments

  • Sean Montgomery, Administrator

    Great observation. You are right, it should check for both for your scenario.

    The implementation assumed that you would only use the OAuth implementation, which means the emails would be unique, but if there was a user with an email already set up then it would run into the issue you mentioned.
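
The lookup order discussed in this thread (google_oauth.id first, then email, then create), as an added example that is not part of the original posts and is not Xano's implementation. The in-memory `UserStore`, the function name and the `email_verified` gate are assumptions: `email_verified` is the claim Google includes in its ID token, and the profile is assumed to come from a token that was already validated.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

@dataclass
class User:
    id: int
    email: str
    google_oauth: Optional[dict] = None  # {"id", "name", "email"} once linked

@dataclass
class UserStore:  # hypothetical stand-in for the users table
    users: list = field(default_factory=list)
    _ids: count = field(default_factory=lambda: count(1))

    def by_google_id(self, gid):
        return next((u for u in self.users
                     if u.google_oauth and u.google_oauth["id"] == gid), None)

    def by_email(self, email):
        return next((u for u in self.users if u.email == email.lower()), None)

    def create(self, email, google_oauth=None):
        user = User(next(self._ids), email.lower(), google_oauth)
        self.users.append(user)
        return user

def continue_with_google(store, profile):
    """Return (user, action) for an already-validated Google profile."""
    oauth = {"id": profile["id"], "name": profile["name"], "email": profile["email"]}
    # 1. Returning Google user: match on the stable Google id.
    user = store.by_google_id(profile["id"])
    if user:
        return user, "login"
    # 2. Existing password / magic-link user: link instead of inserting a duplicate.
    user = store.by_email(profile["email"])
    if user:
        # Assumption: only link when Google asserts the address is verified.
        if not profile.get("email_verified"):
            raise PermissionError("unverified Google email; not linking")
        user.google_oauth = oauth
        return user, "linked"
    # 3. Neither lookup matched: create a new row.
    return store.create(profile["email"], oauth), "created"

if __name__ == "__main__":
    store = UserStore()
    store.create("ana@example.com")  # constructed: existing password user
    g = {"id": "g-123", "name": "Ana", "email": "ana@example.com", "email_verified": True}
    print([continue_with_google(store, g)[1] for _ in range(2)])  # ['linked', 'login']
```

The email branch is where the security implication sits: linking on email alone hands an existing account to whoever controls that address at the identity provider, which is why the sketch refuses unverified addresses.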