It sounds like you're experiencing some confusion with the authentication setup in your FusionAuth application. When using traditional email + password authentication alongside Google login, you're expecting to see distinct information in the user session to differentiate between the two authentication methods.
In the context of your Express.js application, the req.session.user object should ideally provide some form of identity provider identification to distinguish between users authenticated via traditional email + password versus Google login. However, it appears that you're not seeing this distinction reflected in the session information.
This behavior could be due to how FusionAuth handles user authentication and session management. It's possible that FusionAuth is not explicitly adding information about the identity provider to the user session, leading to ambiguity when accessing the session data in your Express.js application.
To address this issue, you may need to customize your FusionAuth setup or modify your Express.js application logic to explicitly capture and store information about the identity provider used during authentication. This could involve updating your authentication middleware or incorporating additional FusionAuth API calls to retrieve and store identity provider information alongside user session data.
In summary, while the lack of distinction between authentication methods in the user session may not be the expected behavior, it's likely a result of how FusionAuth is configured or how session information is managed in your application. By exploring customization options and making adjustments to your application logic, you should be able to achieve the desired differentiation between traditional email + password and Google login authentication methods.