Closed
Description
While reviewing the code I found that OAuth-created accounts are treated differently than oauth-linked accounts.
Currently under Manage account links (/user/settings/security) they cannot be unlinked from the oauth provider that created them, despite having their own username and email address.
I believe this is the desired behavior when ALLOW_ONLY_EXTERNAL_REGISTRATION is set, but should probably not be the behavior generally.
I'll include the fix in with another related PR, but I wanted to document it separately here for now.