I’m reading this guide for adding OmniAuth to an existing Rails application that uses Devise:
I’m interested in Google login in particular.
However there’s something confusing. After OAuth login they recommend to use:
User.where(provider: auth.provider, uid: auth.uid).first_or_create
In my opinion this would be the correct solution:
User.where(email: auth.email).first_or_create
Let me explain. If I use their code this is what happens:
- A user already has an account on my website with email example@example.com
- The user now decides to login with Google instead of entering the email and password
- The user sees the Google login screen and logs in to Google with email example@example.com
- Our website would create a new, separate account (even if the email is the same)!
So, is my solution better? Or am I missing something?