Best Login practices

For the first question – “Should we unlink the device? if so, why?”, there is no need to unlink the device ID. A PlayFab account can be linked to more than one accounts from multiple platforms. For example, when your account is linked to Facebook account, you can still use your device ID for silent login next time. Even though you create an account via LoginWithFacebook and in the player account you can only see Facebook account is linked, you can always manually add custom ID, device ID in Game Manager, or link other accounts to PlayFab accounts via API calls. The work flow at PlayFab is, when you login using device ID/Facebook for the first time and set CreateAccount = true in the request, A PlayFab Account with unique PlayFab ID will be created, then this account will link with your device ID/Facebook.

For the second question, The basic idea for the login part is Facebook accounts, device IDs, google accounts or any other 3^rd party accounts that PlayFab supports are just providing different authentication methods here to access the same PlayFab account. when a user’s device is lost, they can still use LoginWithFacebook at a new client, or any other login APIs to access their accounts as long as they still have authentication information.

Additionally, in terms of the linked Facebook account, unless you manually unlink it in Game Manager or client has called APIs like UnlinkFacebookAccount, if another user tries to link it, there should be an error message(in Unity) like:

/Client/LinkFacebookAccount: That account is already linked to a different user