I created a member-only site that uses Google OAuth2 to authorize users. The site is built with the Laravel framework and the Artdarek OAuth library.
When the authorization request comes from Google, I look at the user's record in the database by e-mail and go to the protected page if the record exists, otherwise to the registration page.
The problem is that some of our members use two Google accounts. One user has registered through their main account (e.g. a@gmail.com). The next day he returned and mistakenly tried to log in using b@gmail.com. Naturally, the system showed him the registration page. From now on, every time he visits the site, the authentication mechanism sees him using his second (undesirable) set of credentials.
To resolve this case, I instructed him to log out of all accounts (on both sides), clear the cookies and start from scratch, but this is not a practical solution for all users. In those cases, even this measure does not seem to fix the problem.
How can I solve this case? What is the correct way to request authentication and return it from the correct account? Can I get Google to ask the user with which account to continue?
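An added example, not part of the original post and not code from the library it mentions: Google's OAuth 2.0 authorization endpoint accepts `prompt=select_account`, which shows the account chooser even when the browser already holds a Google session. The sketch below is plain PHP with no framework calls; the client ID, redirect URI, function names and member list are placeholders assumed for illustration.

```php
<?php
// Added example: plain PHP, no Laravel or OAuth-library calls.
// Function names, client ID and redirect URI are hypothetical placeholders.

const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

/**
 * Build the authorization URL. prompt=select_account forces Google's
 * account chooser instead of silently reusing the last signed-in account.
 */
function buildGoogleAuthUrl(string $clientId, string $redirectUri, string $state, ?string $loginHint = null): string
{
    $params = [
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => 'openid email',
        'state'         => $state,            // CSRF token, checked on callback
        'prompt'        => 'select_account',
    ];
    if ($loginHint !== null) {
        $params['login_hint'] = $loginHint;   // pre-selects a known address
    }
    return GOOGLE_AUTH_ENDPOINT . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/**
 * Decide where the callback sends the user, following the flow in the post:
 * protected page if the e-mail is a known member, registration page otherwise.
 * $members is a constructed stand-in for the database lookup.
 */
function routeAfterCallback(string $returnedState, string $expectedState, string $email, array $members): string
{
    if (!hash_equals($expectedState, $returnedState)) {
        return 'reject';                      // state mismatch: drop the request
    }
    return in_array(strtolower($email), $members, true) ? 'protected' : 'register';
}

$state = bin2hex(random_bytes(16));           // store in the session before redirecting
echo buildGoogleAuthUrl('CLIENT_ID_PLACEHOLDER', 'https://example.com/oauth/callback', $state), PHP_EOL;

$members = ['a@gmail.com'];                   // constructed sample data
echo routeAfterCallback($state, $state, 'a@gmail.com', $members), PHP_EOL;
echo routeAfterCallback($state, $state, 'b@gmail.com', $members), PHP_EOL;
```

A "use a different account" link on the registration page can point at the same URL, so a member who picked the wrong account reaches the chooser again without clearing cookies.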