
After changing email in AppCenter, I can still use my previous email to login #1736

Closed
androideveloper opened this issue Mar 9, 2020 · 9 comments
Assignees
Labels
account Related to App Center's account management feature request New feature request Stale

Comments

androideveloper (Author) commented Mar 9, 2020

Steps to reproduce:

  • Create account in https://appcenter.ms/
  • Change email to another email under you account settings
  • Logout and login with your new email
  • Logout and login with your previous email

Expected Result:

  • Should prevent login with old email and only login with new email

Observed Result:

  • Successfully logged in; you can use both emails to log in to the same account. This is a security vulnerability.

*Tried on 3 different PCs and with another user account

Here is a video showing how to reproduce.

https://1drv.ms/v/s!AiUG8l584Bi2kihsnZ3jgpM4tMfe?e=ouyaiN

@androideveloper androideveloper added the feature request New feature request label Mar 9, 2020
lumaxis (Contributor) commented Mar 9, 2020

Thanks for the detailed report @androideveloper! What you're experiencing is a bit unintuitive but currently expected behavior.
Once an App Center account is associated with a given SSO provider's account (i.e. a Google, Facebook, Microsoft, or GitHub account), there is currently no manual way of changing that association.
When you're changing the email address in the App Center user settings, you're simply changing the email address that could in the past be directly used for email & password login to App Center.

lumaxis (Contributor) commented Mar 9, 2020

@ScottArbeit I've looked through other open issues but didn't find a good match. Better management of linked SSO accounts has been something I wished for for a long time, maybe we want to capture that separately as a feature request?

androideveloper (Author) commented

> Thanks for the detailed report @androideveloper! What you're experiencing is a bit unintuitive but currently expected behavior.
> Once an App Center account is associated with a given SSO provider's account (i.e. a Google, Facebook, Microsoft, or GitHub account), there is currently no manual way of changing that association.
> When you're changing the email address in the App Center user settings, you're simply changing the email address that could in the past be directly used for email & password login to App Center.

@lumaxis Thanks for the feedback on this issue. Besides being unintuitive I think this is a security vulnerability, because potentially you can change your email many times under the settings and in that case, every new email can be used for signing in to AppCenter later, even if you removed that under the settings.

lumaxis (Contributor) commented Mar 11, 2020

@androideveloper That's not exactly how this works. Only the currently set email address could be used to directly log in to App Center with a password.
Each SSO account is linked to exactly one App Center account at a time.

androideveloper (Author) commented

@lumaxis In this case we get many-SSO-to-one-AppCenter linking. Please find the video showing how to reproduce here: https://1drv.ms/v/s!AiUG8l584Bi2kihsnZ3jgpM4tMfe?e=ouyaiN

lumaxis (Contributor) commented Mar 12, 2020

@androideveloper That's correct and currently by design, as I mentioned. You can have multiple SSO accounts linked to a single App Center account but each SSO account can only be linked to one App Center account and each App Center account only to one Google, Facebook, GitHub, or Microsoft account at a time.

Additionally, what you're showing in the last part of the video is another functionality where, when you login with a given SSO account for the first time, we look up that SSO account's email address in the App Center database and link it to an existing App Center account if it exists with that email address.
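To make the linking rules described in the two comments above concrete, here is a small model written for this page; it is not App Center code and the class and method names (`IdentityStore`, `sso_login`, `change_email`) are assumptions. It encodes three properties the maintainer states: an account has exactly one password-login email, several SSO identities may be linked to one account, and a first-time SSO login is auto-linked to the existing account whose current email matches. The `email_verified` gate on auto-linking is an added defensive check a reviewer would expect, not something the thread says App Center does.

```python
"""Constructed model of one-email, many-SSO account linking (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Identity = Tuple[str, str]  # (provider, provider subject id)


@dataclass
class Account:
    account_id: int
    login_email: str                                   # only address valid for password login
    linked: Set[Identity] = field(default_factory=set)  # SSO identities linked to this account


class IdentityStore:
    """Hypothetical store; mirrors the behaviour described in the thread."""

    def __init__(self) -> None:
        self._accounts: Dict[int, Account] = {}
        self._next_id = 1

    def create_account(self, email: str) -> Account:
        acct = Account(self._next_id, email.lower())
        self._accounts[acct.account_id] = acct
        self._next_id += 1
        return acct

    def change_email(self, account_id: int, new_email: str) -> None:
        # Only the password-login address changes; linked SSO identities stay as they are.
        self._accounts[account_id].login_email = new_email.lower()

    def password_login(self, email: str) -> Optional[Account]:
        e = email.lower()
        return next((a for a in self._accounts.values() if a.login_email == e), None)

    def _find_by_identity(self, identity: Identity) -> Optional[Account]:
        return next((a for a in self._accounts.values() if identity in a.linked), None)

    def sso_login(self, provider: str, subject: str, idp_email: str, email_verified: bool) -> Account:
        identity = (provider, subject)
        # 1. Already linked: matched by the provider's subject id, not by the email it reports now.
        acct = self._find_by_identity(identity)
        if acct is not None:
            return acct
        # 2. First login with this identity: auto-link to the account whose current email matches.
        #    Added check (assumption): never auto-link on an email the IdP has not verified.
        if not email_verified:
            raise PermissionError("refusing to auto-link an unverified IdP email")
        acct = self.password_login(idp_email)
        if acct is None:
            acct = self.create_account(idp_email)
        acct.linked.add(identity)
        return acct

    def linked_identities(self, account_id: int) -> List[Identity]:
        """What a user would want to audit: every SSO identity that can open this account."""
        return sorted(self._accounts[account_id].linked)


def walkthrough() -> dict:
    """Replays the reporter's steps: link via old email, change email, link via new email, change back."""
    store = IdentityStore()
    alice = store.create_account("alice@old.example")           # constructed sample account
    a1 = store.sso_login("google", "g-111", "alice@old.example", True)
    store.change_email(alice.account_id, "alice@new.example")
    a2 = store.sso_login("github", "gh-222", "alice@new.example", True)
    store.change_email(alice.account_id, "alice@old.example")
    a3 = store.sso_login("github", "gh-222", "alice@new.example", True)  # still linked by subject id
    return {
        "same_account": a1.account_id == a2.account_id == a3.account_id == alice.account_id,
        "linked": store.linked_identities(alice.account_id),
        "password_login_new_email": store.password_login("alice@new.example"),
        "password_login_old_email": store.password_login("alice@old.example") is alice,
    }


if __name__ == "__main__":
    print(walkthrough())
```

The walkthrough shows the exact split the maintainer draws: after the email is changed back, `password_login` with the intermediate address fails, but the GitHub identity linked while that address was current still opens the account. The `linked_identities` listing is the piece a user needs in order to see and review that, which is the "better management of linked SSO accounts" the thread asks for.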

@DmitriyKirakosyan DmitriyKirakosyan added the account Related to App Center's account management label Jan 19, 2021
@ghost ghost added the Stale label Jun 29, 2021
ghost commented Jun 29, 2021

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

androideveloper (Author) commented

New activity, please don't close it bot

ghost commented Jul 14, 2021

This issue will now be closed because it hasn't had any activity for 15 days after stale. Please feel free to open a new issue if you still have a question/issue or suggestion.

@ghost ghost closed this as completed Jul 14, 2021