A slight comment on this
Now, Launchpad is still restricted to a single provider. This means that
multiple identifiers don't occur except when people mistakenly create
multiple SSO accounts, log into Launchpad with both, and merge the two
resulting Launchpad profiles. And it's not clear which identifier should
win when merging profiles, so we keep both linked, letting both SSO
accounts log into the one profile.
Actually, SSO does merge one account *into* another, effectively discarding the "source" account (the user will still be able to log in with the old email address, but only because that address is added to the "target" account). Therefore, the only valid openid should be target accounts one (ie, it is possible to know which openid the user will have after the merge).