Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user.
Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter.
