To test this, you should try both registration and login using email address like '@' (that will make the GUI accept the address as valid but SSO will reject it).
You can also try registering with an already registered email address, etc.
Also, you can try logging with non existing accounts, and resetting passwords for non-existing accounts, and resetting password for a valid account but using a bad token.
To test this, you should try both registration and login using email address like '@' (that will make the GUI accept the address as valid but SSO will reject it).
You can also try registering with an already registered email address, etc.
Also, you can try logging with non existing accounts, and resetting passwords for non-existing accounts, and resetting password for a valid account but using a bad token.