1. User enters no email or password
- User can sign in as a guest
2. User enters an email
- User can send a magic link
3. User enters an email and a password
- User can sign up or sign in
If the user signs up with an email we haven't seen before, an account is created.
If the user signs up with an email we have seen before, what should we do?
I was thinking when a user clicks sign up we could send them a magic link regardless of whether or not they've created an account already. That way the sign-up button behaves the same whether the email is associated with an account or not.
However if we do that, their password is deleted because Firebase Auth isn't sure whether or not the user receiving the magic link is the same user who created an account with a password. This is reasonable.
But now I'm not sure what to do with my sign up button, if you have an account it does one thing, if you don't have an account it does another thing, effectively leaking the fact you have an email with us.