User Story
This is an illustrative user story, but the general use case of the authn/authz login is much broader (especially with regard to business management of accounts).
My wife and I are the annoying type of people who share a Facebook account, but we have separate Twitter accounts and separate accounts on some other systems.
I log in via (joint) Facebook
- /api/session/authentications now includes facebook
- I have no account, so an account is created as my primary (and current) account
- /api/accounts now includes /api/accounts/:accountId
- /api/accounts/:accountId now authorizes facebook
I go to the link authentications page (for the current account) and select log in via (my) Twitter
- /api/session/authentications now includes twitter, with this as the primary account
- /api/accounts/:accountId now authorizes twitter
I go to "switch accounts" and select "create new account" to create an account for my wife.
- I am prompted if I want to authorize all accounts currently in /api/session/authentications
I check (joint) Facebook, but uncheck (my) Twitter. I check "use this as the primary account" for the (joint) Facebook.
- /api/sessions/authentications/:ourfacebookid is updated to use my wife's new account as the primary
I go to another computer and log in via twitter.
- I am logged into (my) account in the system
- I cannot switch to my wife's account
My wife goes to another computer and logs in via facebook
- She is logged into (her) account in the system
- She can switch to my account
Summary
Whatever /api/sessions I have, I may switch to any of those accounts
I may link any of /api/sessions to /api/accounts/authentications as primary or additional
When I log in via a particular authentication, I get that authentication's primary account, but I may switch to any account. I may also make this a primary account.
Login vs. linking: login switches the current account; linking does not.
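
The rules summarized above, modelled as an added example that is not part of the original page: login switches to the authentication's primary account, linking only adds an authorization, and a switch is allowed only to accounts that authorize an authentication held by the session. The in-memory store, all function names, and the choice that creating an account does not switch the current account are assumptions.

```javascript
// Added illustration: in-memory model of the story; all names are hypothetical.
const newStore = () => ({ accounts: new Map(), primary: new Map(), seq: 0 });
const newSession = () => ({ authentications: new Set(), current: null });

function addAccount(store, authIds) {
  const id = 'acct' + (++store.seq);
  store.accounts.set(id, new Set(authIds)); // authentications this account authorizes
  return id;
}

// Login: record the authentication in the session and switch to its primary
// account, creating an account when the authentication has none yet.
function login(store, session, authId) {
  session.authentications.add(authId);
  if (!store.primary.has(authId)) store.primary.set(authId, addAccount(store, [authId]));
  return (session.current = store.primary.get(authId));
}

// Linking: the current account authorizes one more authentication; no switch.
function link(store, session, authId) {
  if (!session.current) throw new Error('log in before linking');
  session.authentications.add(authId);
  store.accounts.get(session.current).add(authId);
  if (!store.primary.has(authId)) store.primary.set(authId, session.current);
}

// "Create new account": only authentications present in this session may be
// authorized, and only authorized ones may take the new account as primary.
function createAccount(store, session, authorize, primaryFor) {
  if (!authorize.every((a) => session.authentications.has(a))) throw new Error('authentication not in session');
  if (!primaryFor.every((a) => authorize.includes(a))) throw new Error('primary must be authorized');
  const id = addAccount(store, authorize);
  primaryFor.forEach((a) => store.primary.set(a, id));
  return id;
}

// Accounts reachable from a session: those authorizing any of its authentications.
function switchable(store, session) {
  const held = [...session.authentications];
  return [...store.accounts].filter(([, auths]) => held.some((a) => auths.has(a))).map(([id]) => id);
}

// Server-side check on every switch; a client-supplied account id is never trusted.
function switchAccount(store, session, accountId) {
  if (!switchable(store, session).includes(accountId)) return false;
  session.current = accountId;
  return true;
}
```

Replaying the story against this model shows the asymmetry: a session holding only the Twitter authentication cannot reach the second account, while any session holding the shared Facebook authentication can reach both.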