fix(enumeration): Document corner case with required password and OAuth#3368
Open
dmoerner wants to merge 2 commits into
Open
fix(enumeration): Document corner case with required password and OAuth#3368dmoerner wants to merge 2 commits into
dmoerner wants to merge 2 commits into
Conversation
Document a known corner case where instances with password required can still have accounts without passwords if the accounts were created from an OAuth sign up. Since we cannot reveal that an account exists without a password, users who try to sign in with the email on their OAuth account can try to enter a password, and it will be rejected as if it's a bad password. They should try another method, which our components are designed to allow.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Member
|
I've posted a docs review that updates the copy to make it a bit more clear on the situation that can happen, such as explicitly stating that this only occurs if the user tries signing in with the email on their OAuth account. however, I'd like @manovotny opinion on how we should frame this! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🔎 Previews:
What does this solve? What changed?
While trying to debug an unrelated issue for Venice.ai, we realized their custom components produce a confusing flow for users who sign up with a social provider but then try to use their email to sign in.
Document a known corner case where instances with password required can still have accounts without passwords if the accounts were created from an OAuth sign up. Since we cannot reveal that an account exists without a password, users who try to sign in with the email on their OAuth account can try to enter a password, and it will be rejected as if it's a bad password. They should try another method, which our components are designed to allow.
Frankly the UX here is kind of bad no matter what, this is one of the frictions that we just need to document I think.
Deadline
No rush
Other resources
https://clerkinc.slack.com/archives/C0849EDL529/p1778700671865669