How to use security enforcer when there are two security providers❓

We offer users the option to register with their own email or with their google account, so we’ve create two security provider ‘security’ and ‘security_google’.
After redirect, how do we handle the security provider enforcer on the landing page?

What’s the purpose of having 2 security providers for one website?

When I use a single provider ‘security’ for both regular users and google users, i get an unauthorized response in the browser for google users wanting to connect but those goog users do get through when I log them with a separate security provider (security_google).
I know this does not feel right. But why do I get this unauthorized response when using same security for both types of users?

Not sure what you mean exactly.
You should be using a single security provider for your site.
Don’t you store all the users data in the same database table, which is then used for the security provider?

Yes all users in same user table.
This setup gives me a plain unauthorized message in the browser. The Oauth and API action are fine and returns the expected responses but the wappler flow after that has a problem.


But are you using the same username and password data as stored in the db and adjusted in the security provider settings?

Yes, login uses the email and pwd returned by the query which itself stores the google email and profile id (pwd):

Not sure what you mean

So you are using argon hashing for some of the passwords and not for others?
That is why you see unauthorized …

All your passwords must be hashed using argon hashing algorithm when storing them in the database!