Skip to content

Account Linking

A user who already has an Odeion account can attach OAuth identities to it, then sign in with either the password or any linked provider. Each provider identity can be linked to at most one Odeion account.

In the web app, open Settings > Security. The Linked accounts section lists every enabled provider with its link status. Clicking link starts a normal OAuth flow; when the provider redirects back, the identity is attached to the signed-in account instead of creating a session.

On iOS, linking an Apple identity uses the native sign-in sheet rather than a browser redirect.

If the provider identity is already attached to a different Odeion account, linking fails with a conflict error. Unlink it from the other account first.

The same Linked accounts section shows which providers are linked, along with the email and display name the provider reported. One identity per provider can be linked.

Unlinking removes the identity immediately, with one safety rule: an account with no password set cannot unlink its last remaining identity, because that would leave no way to sign in. Set a password first, then unlink.

This matters for accounts that were created through an OAuth signup and never set a password.

  • Linking and unlinking are self-service; there is no admin approval step.
  • Disabling a provider in Admin > Settings > Authentication stops logins through it but does not delete stored identity links. Re-enabling the provider makes them work again.
  • A locked account cannot sign in through a linked provider; locking applies to every login method. See Rate Limiting and Account Locking.