Consider rejecting sign-ins where third-party IdP email does not match the initial email entered

[evan10s]

Currently, say you have an account [email protected] that uses Google sign in. Say you also have a second existing account under [email protected] also using Google sign in. If you enter [email protected] but sign into the Google account [email protected] when prompted, you will be signed into [email protected].

In reality, this silent redirection can be confusing to users. Since users have to enter their email address, we should improve this experience and reduce confusion, perhaps by rejecting the login attempt or showing a prompt prior to signing into the account associated with the third-party identity provider they actually signed into.