fix: finalize oauth identity bindings

backend/internal/handler/auth_oauth_pending_flow_test.go

@@ -372,7 +372,7 @@ func TestExchangePendingOAuthCompletionBindCurrentUserOwnershipConflict(t *testi
 	require.Nil(t, storedSession.ConsumedAt)
 }
 
-func TestExchangePendingOAuthCompletionLoginFalseFalseDoesNotBindIdentity(t *testing.T) {
+func TestExchangePendingOAuthCompletionLoginFalseFalseBindsIdentityWithoutAdoption(t *testing.T) {
 	handler, client := newOAuthPendingFlowTestHandler(t, false)
 	ctx := context.Background()
 
@@ -420,21 +420,22 @@ func TestExchangePendingOAuthCompletionLoginFalseFalseDoesNotBindIdentity(t *tes
 
 	require.Equal(t, http.StatusOK, recorder.Code)
 
-	identityCount, err := client.AuthIdentity.Query().
+	identity, err := client.AuthIdentity.Query().
 		Where(
 			authidentity.ProviderTypeEQ("linuxdo"),
 			authidentity.ProviderKeyEQ("linuxdo"),
 			authidentity.ProviderSubjectEQ("login-false-123"),
 		).
-		Count(ctx)
+		Only(ctx)
 	require.NoError(t, err)
-	require.Zero(t, identityCount)
+	require.Equal(t, userEntity.ID, identity.UserID)
 
 	decision, err := client.IdentityAdoptionDecision.Query().
 		Where(identityadoptiondecision.PendingAuthSessionIDEQ(session.ID)).
 		Only(ctx)
 	require.NoError(t, err)
-	require.Nil(t, decision.IdentityID)
+	require.NotNil(t, decision.IdentityID)
+	require.Equal(t, identity.ID, *decision.IdentityID)
 	require.False(t, decision.AdoptDisplayName)
 	require.False(t, decision.AdoptAvatar)