Devise + OmniAuth: should I use uid or email as the user identifier?

I’m reading this guide for adding OmniAuth to an existing Rails application that uses Devise:

I’m interested in Google login in particular.

However there’s something confusing. After OAuth login they recommend to use:

User.where(provider: auth.provider, uid: auth.uid).first_or_create

In my opinion this would be the correct solution:


Let me explain. If I use their code this is what happens:

  1. A user already has an account on my website with email
  2. The user now decides to login with Google instead of entering the email and password
  3. The user sees the Google login screen and logs in to Google with email
  4. Our website would create a new, separate account (even if the email is the same)!

So, is my solution better? Or am I missing something?