This feature request is to accommodate the inability of linking email and social logins on your platform. In our system, we'd like to direct all logins with the same email address to one account. We've managed to associate link login and social logins to one account on our end, but there is a security issue in which it is possible to generate a Magic token from social login and use the token to access the API for link login. We need to check provenance
to make sure users do not abuse our APIs.
{
"id": [EMAIL_ADDR]',
"magic_client_id": [CLIENT_ID],
"provenance": "LINK",
"signup_ts": 1625162812
},
{
"id": [EMAIL_ADDR]',
"magic_client_id": [CLIENT_ID],
"provenance": "apple",
"signup_ts": 1625162812
},
{
"data": {
"email": [EMAIL],
"issuer": [ISSUER],
"public_address": [PUBLIC_ADDRESS],
"provenance": [PROVENANCE],
...
},
...
}