I am building a feature to allow my users to recover their account, in case they buy a new phone and want to continue to play on that.
I followed the guide on best practices for logins and from a technical perspective, everything seems to work fine:
On first launch, my game generates a unique custom ID, uses that to log in to PlayFab using LoginWithCustomID, and saves this custom ID locally to file. For future sessions, it loads this file to get the custom ID to log on with.
Later on, the user is given the chance to add an email and password to their account to make it recoverable. Or alternatively, to enter an email and password in order to recover an old account. If either of these is successful, the game saves the username and password locally to file, and then uses that to log in with LoginWithEmail in the future.
However, there are a few scenarios in which this leads to either bad UX or technically risky hacks. This suggests maybe I've misunderstood something conceptually:
In the first scenario, the user plays the game for a bit, adds an email address / password, doesn't get very far, then churns. Some time later, they install the game on their new phone, make great progress and try to add their email / password to secure their new account.
Their email address is already in use. Of course they could recover their old account, but really they want to keep playing with their new account in which they've made much more progress.
At another company I work for, we have our own backend, and in this scenario of "email address already in use", or indeed in the case of a normal "account recovery", we provide the user with the option of which account they want to continue with, and which will be lost.
The user sees some basic information about the two accounts, such as the name of their Empire, Cities Owned, Army Strength, and also Coins and Gems associated with each account. On selecting one or the other, the backend then associates their email/password/login details with the selected account, and that's the one the user uses thereafter. The old account is orphaned and eventually cleaned up (deleted).
It seems there is no easy way to do this "giving the user a choice" with PlayFab. As far as I can tell, it's not possible to remove an email address from one Master Player Account and add it to a different one. (And it also wouldn't make sense for the second scenario detailed later.) Nor does it seem it's possible to transfer a Title Player Account from one Master Player Account to another. It is possible to copy all the Title Player Data from the non-email Master Player Account to the email-linked Master Player Account, overwriting the unwanted data from the game where the user didn't progress much in the process. However, the actual implementation of this looks extremely hacky / technically complicated and risky.
In the second scenario, the publisher has two games: Title A and Title B. The user plays Title A and adds an email/password. At some later point, they play Title B and attempt to add the same recovery email. However, the email address is stored at the Master Player Account level, so the email address is already in use from Title A.
The same hacky solution could be applied here. The Title B client could log in with the email address, thus creating a new Title Player Account for Title B under the same Master Player Account as Title A. And then copy/paste across all the Player Title Data. But again it will be difficult to implement, hard to maintain and a lot of things can go wrong.
From a UX perspective, the other options are also bad: The game could deny the user the ability to recover their account, or even worse, oblige the user to start again if they want to have a recoverable account.
The best solution I have seen for this is to add a prefix to an email. So when the user types in me@email.com, what the game client actually registers is titleID.me@email.com. However, this completely defeats the point of having the email/password stored at the Master Player Account level. The same user would have multiple Master Player Accounts, each one with only one Title Player Account in it.
These are uncommon scenarios, but not so unlikely to happen that they're not worth thinking about. I really feel like I'm missing something here. If there's a best practice guide for this or anyone has ideas how to approach this differently, or if there's some API call that does all this that I'm not aware of, I'd be very interested to know.
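The login flow described in the post keeps the email and password in a local file. This added example (not the poster's code and not PlayFab SDK code) shows the recovery path with only the custom ID persisted: a one-time LoginWithEmailAddress, then LinkCustomID with ForceLink to bind this install's custom ID to the recovered account. `post(endpoint, body, session_ticket)` is a hypothetical transport standing in for the HTTPS call to the Client API, `FakeBackend` is a constructed stand-in so the block runs offline, and the account-choice question from the post is not addressed here.

```python
import os
import uuid

def load_or_create_custom_id(path):
    """Return this install's custom ID, creating it on first launch."""
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    custom_id = uuid.uuid4().hex
    # Mode 0o600 keeps the file private to the game's own OS user.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(custom_id)
    return custom_id

def login_on_launch(post, title_id, id_path):
    """Every session: log in with the device ID only."""
    body = {"TitleId": title_id, "CreateAccount": True,
            "CustomId": load_or_create_custom_id(id_path)}
    return post("LoginWithCustomID", body, None)

def recover_account(post, title_id, email, password, id_path):
    """One-time recovery: authenticate by email, then bind this install's ID."""
    login = post("LoginWithEmailAddress",
                 {"TitleId": title_id, "Email": email, "Password": password}, None)
    # ForceLink moves the ID off the anonymous account made at first launch.
    post("LinkCustomID", {"CustomId": load_or_create_custom_id(id_path),
                          "ForceLink": True}, login["SessionTicket"])
    return login["PlayFabId"]  # the password is never written to disk

class FakeBackend:
    """Constructed in-memory stand-in for the Client API (offline runs only)."""
    def __init__(self, email_accounts):
        self.emails = dict(email_accounts)  # email -> (password, PlayFabId)
        self.custom, self.tickets = {}, {}  # CustomId / ticket -> PlayFabId
    def __call__(self, endpoint, body, ticket):
        if endpoint == "LinkCustomID":
            self.custom[body["CustomId"]] = self.tickets[ticket]
            return {}
        if endpoint == "LoginWithEmailAddress":
            password, pid = self.emails[body["Email"]]
            if password != body["Password"]:
                raise PermissionError("invalid email or password")
        else:  # LoginWithCustomID
            pid = self.custom.setdefault(body["CustomId"], "ANON-" + uuid.uuid4().hex[:8])
        new_ticket = uuid.uuid4().hex
        self.tickets[new_ticket] = pid
        return {"PlayFabId": pid, "SessionTicket": new_ticket}
```

After recovery, the anonymous account created at first launch no longer has any login attached, so anything the player wants to keep from it has to be handled before the link is forced.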