diff --git a/documentation/tutorials/github.md b/documentation/tutorials/github.md
index 286ef711..ebaeca78 100644
--- a/documentation/tutorials/github.md
+++ b/documentation/tutorials/github.md
@@ -116,9 +116,14 @@ defmodule MyApp.Accounts.User do
     create :register_with_github do
       argument :user_info, :map, allow_nil?: false
       argument :oauth_tokens, :map, allow_nil?: false
+      # Add oauth2 if an account with this email address already exists
       upsert? true
       upsert_identity :unique_email
 
+      # Fields you want to set if a matching user exists, *don't* include `confirmed_at`
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
+
       # Required if you have token generation enabled.
       change AshAuthentication.GenerateTokenChange
 
@@ -130,6 +135,14 @@ defmodule MyApp.Accounts.User do
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Ensure non-confirmed users can't sign up with oauth
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end
 
diff --git a/documentation/tutorials/google.md b/documentation/tutorials/google.md
index 349b78b6..deda8769 100644
--- a/documentation/tutorials/google.md
+++ b/documentation/tutorials/google.md
@@ -47,19 +47,32 @@ defmodule MyApp.Accounts.User do
     create :register_with_google do
       argument :user_info, :map, allow_nil?: false
       argument :oauth_tokens, :map, allow_nil?: false
+      # Add oauth2 if an account with this email address already exists
       upsert? true
       upsert_identity :unique_email
 
+      # Fields you want to set if a matching user exists, *don't* include `confirmed_at`
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
+
       change AshAuthentication.GenerateTokenChange
 
       # Required if you have the `identity_resource` configuration enabled.
       change AshAuthentication.Strategy.OAuth2.IdentityChange
 
-      change fn changeset, _ ->
+      change fn changeset, _context ->
         user_info = Ash.Changeset.get_argument(changeset, :user_info)
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Ensure non-confirmed users can't sign up with oauth
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end