Social Login: Can't use magic link when connecting social login option to existing account

[rachelmcr]

What

Using magic link for login doesn't work for accounts created with social signup

A/C

• check if email login links not linking social signups is intentional Social Login: Can't use magic link when connecting social login option to existing account #35909 (comment) (see PR Update Social Login UI #17539)
• fix magic link for social signups or update copy to prevent confusion

Context

Steps to reproduce

1. Start with a WordPress.com account with no social login connections, and an Apple ID using the same email address.
2. Go to https://wordpress.com/log-in
3. Select "Continue with Apple."
4. In the pop-up window, log in to your Apple account.
5. Back in the main window (Calypso), confirm you are directed to a login screen asking you to enter your WordPress.com account credentials: We found a WordPress.com account with the email address “[YOUR_EMAIL]”. Log in to this account to connect it to your Apple profile, or choose a different Apple profile.
6. Select "Email me a login link."
7. Enter your email address, check your email, and use the magic link to log in.
8. Go to your social login settings and note that the Apple account was not connected to your WordPress.com account.
9. Log out of WordPress.com.
10. Try the same login steps, but notice that you get stuck after logging in to your Apple account (step 4). The Calypso login screen only shows this error: A valid email is needed to create a WordPress.com account.

What I expected

I expected to have my Apple account connected after logging in, no matter what login method I chose. (Or I expected to not see login options that wouldn't complete the connection.)

What happened instead

I got stuck with this error:

Browser / OS version

macOS 10.14.6
Chrome 76.0.3809.132

Context / Source

Found while beta testing Sign in with Apple, h/t @elibud for the steps to reproduce (internal ref: p77Llu-cz5-p2#comment-14598

[rachelmcr]

I checked the network requests leading directly to the error at the end:

• A request is made to https://wordpress.com/wp-login.php?action=social-login-endpoint
• It returns a 400 error with this response: {"success":false,"data":{"errors":[{"code":"unknown_user","message":"Hmm, we can't find a WordPress.com account with this username and password combo. Please double check your information and try again."}]}}

[lancewillett]

Noted something similar in a UX session with @rralian

Logging in with Apple, Bob gets an error:

“A valid email is needed to create a WordPress.com account”

Even though he is using first.last@gmail.com

Is it possible that the “dot” (period punctuation mark) isn’t considered valid?

[rachelmcr]

This is a more significant problem if you have a passwordless account, since the passwordless account will only prompt you to log in with a magic link. (It won't give you the password option to connect your account.)

Here's what the flow looks like:

1. Start with a passwordless WordPress.com account with no social login connections, and a Google account or Apple ID using the same email address. (You can create a passwordless WordPress.com account, for example, by signing up with email in the WordPress apps.)
2. Go to https://wordpress.com/log-in
3. Select "Continue with Google" or "Continue with Apple."
4. In the pop-up window, log in to your Google/Apple account.
5. Back in the main window (Calypso), notice you are directed to a screen prompting you to check your email for a login link (see screenshot below).
6. Check your email and use the magic link to log in.
7. Go to your social login settings and note that the Google/Apple account was not connected to your WordPress.com account.

Magic link login screen at step 5:

[jeyip]

Although I'm not able to reproduce the original issue that throws A valid email is needed to create a WordPress.com account, I'm still able to replicate the problem where an emailed login link does not connect a social account to an existing email. This happens for accounts with and without passwords. (Create a passwordless account at https://wordpress.com/start/simple/passwordless)

I expected to have my Apple account connected after logging in, no matter what login method I chose. (Or I expected to not see login options that wouldn't complete the connection.)

I agree with this sentiment. This seems less like a security measure and more like an oversight.

@Tug I see that you worked on the login block quite a while ago. Do you happen to know if email login links not linking social logins is intentional, or who we can communicate with to confirm whether or not it is?

Note:

• I was able to reproduce this in chrome, firefox, edge, and safari.

[jeyip]

@deBhal no rush on this. Feel free to chime in when you're done with your mshots work, but when you get the chance, could you try to reproduce the original error?

[github-actions]

This issue is stale because 720 days have passed with no activity. A member of @kitkat-team will review and if required close this issue within 7 days. If you disagree and would like this issue to remain open, please provide additional context, updated reproduction steps and/or screenshots.

[heavyweight]

Can't reproduce this.

I also don't have Apple social account connected.
When logging in with the Apple account with the same email, I get this screen where autologin happens and email link is sent:
https://github.com/Automattic/wp-calypso/assets/7000684/6d52c64c-5881-4c68-b6e4-3748f87eea0d

When clicking on the email login link I can log in without any issues.
https://github.com/Automattic/wp-calypso/assets/7000684/d5ac9f18-2845-4bf3-a028-ea0b449450ac

[github-actions]

Support References

This comment is automatically generated. Please do not edit it.

• p77llu-cz5-p2#comment-14598

[rachelmcr]

I can still reproduce the original issue, where I can't connect social login with an existing account using an email login link. @heavyweight I can also log in without any issues with the email login link, but when I visit https://wordpress.com/me/security/social-login after that I don't see a connected Apple account for social login.

That said, this was discovered a long time ago during beta testing. If we haven't received customer reports about it, it's very possible not a real problem for people.