From 9baf5063e143303d79e4cc970fce33f6a59e38af Mon Sep 17 00:00:00 2001
From: ekzyis <ek@stacker.news>
Date: Tue, 21 Nov 2023 02:59:05 +0100
Subject: [PATCH] Never update account if multi auth is used

---
 pages/api/auth/[...nextauth].js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index 339b33e7..8b3c4050 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -123,7 +123,8 @@ async function pubkeyAuth (credentials, req, res, pubkeyColumnName) {
       const token = await getToken({ req })
       if (!user) {
         // if we are logged in, update rather than create
-        if (token?.id) {
+        // never update account if multi auth is used, only create
+        if (token?.id && !multiAuth) {
           // TODO: consider multi auth if logged in but user does not exist yet
           user = await prisma.user.update({ where: { id: token.id }, data: { [pubkeyColumnName]: pubkey } })
         } else {