Discord OAuth Login Fix - Account Auto-Creation Removed

Problem

When logging in via Discord OAuth with an email that doesn't match any existing AeThex account, the system was automatically creating a brand new account.

Example:

You have an AeThex account: [email protected]
Your Discord email: [email protected]
Before: Clicking "Continue with Discord" created a NEW account with [email protected]
Result: You had two accounts and couldn't access your original account

Solution

Discord OAuth login now requires an exact email match. If the Discord email doesn't match an existing account:

User is redirected to /login with error message
Error message: "Discord email ([email protected]) not found. Please sign in with your email account first, then link Discord from settings."
User signs in with their email (e.g., [email protected])
User goes to Dashboard → Connections → Link Discord
Discord is now linked to the existing account

Changed Files

code/api/discord/oauth/callback.ts: Removed auto-account-creation logic
- No longer creates new auth users
- No longer creates new user profiles
- Only links Discord if email matches existing account
- Redirects to login if no email match

New User Flow

Users with NO existing AeThex account:

Click "Continue with Discord" on /login
Authorize Discord
If Discord email matches an existing account → Linked + logged in ✅
If Discord email is NEW → Redirected to /login with error ⚠️
- They must create account via Email/Password OR continue with GitHub/Google (if available)
- Then they can link Discord from Dashboard

For You Specifically

Your situation:

✅ You have AeThex account: [email protected]
✅ Your Discord email is different
New behavior: Clicking "Continue with Discord" now shows error
What to do:
- Go to /login and sign in with [email protected] password
- Go to /dashboard?tab=connections
- Click "Link Discord"
- Authorize Discord
- ✅ Discord is now linked to [email protected] account

Testing

Test Case 1: Existing User, Matching Email

1. Create account with Discord email: [email protected]
2. Logout
3. Click "Continue with Discord"
4. Should login to existing account (not create new)
✅ Success: Only one account

Test Case 2: Existing User, Different Email

1. Create account: [email protected] (email/password)
2. Discord email: [email protected]
3. Click "Continue with Discord"
4. Should see error: "Discord email not found"
5. Sign in with [email protected]
6. Go to Dashboard → Link Discord
✅ Success: Discord linked to correct account

Test Case 3: New User, No Existing Account

1. Click "Continue with Discord" (no account exists)
2. Discord email: [email protected]
3. Should see error: "Discord email not found"
4. User must sign up with email/password or other OAuth first
✅ Success: No auto-created account with mismatched email

Why This Change?

Prevents account duplication: No more accidentally creating second accounts
User confusion prevented: Users see clear error message explaining what to do
Email consistency: Each AeThex account now has one email, reducing support issues
Better linking experience: Forces intentional linking, not accidental account creation

Rollback (if needed)

If this change causes issues, the old behavior can be restored by:

Uncommenting the account creation logic in code/api/discord/oauth/callback.ts
Using the isNewUser flag to redirect to onboarding for new accounts

However, this will re-introduce the original problem.

PreviousDiscord Linking Flow - Complete Issue Analysis & Fix NextDiscord OAuth Setup Verification Checklist

Last updated 1 month ago

Good afternoon