I’m migrating an iOS app with a legacy user ID system. Currently, the user IDs are stored locally on-device (in the keychain), and I will be introducing a way to create a real account that can be used across devices (it will be Firebase Auth). I think I have a migration path designed, but want to check I’m not misunderstanding anything. Here’s how it would work:

• User launches new build of the app containing the new accounts implementation.
• If they are an existing user with a legacy device-local ID, I log them in to RevenueCat with that ID for continuity until a future point where they decide to create an account.
• If they are a new user as of the introduction of the new accounts implementation, I log them into RevenueCat as anonymous. They can subscribe and do whatever they want while in the anonymous state.
• When a user comes to create an account, I create it using Firebase Auth, immediately log them into RevenueCat using the new user ID, and then call `syncPurchases`.

My assumption on the last step here from RevenueCat’s documentation is that regardless of whether they were an anonymous new user or a known existing user with a legacy ID, their new account will correctly become the owner of any existing subscriptions.

I understand there may be edge cases where syncing doesn’t correctly restore a subscription, but as long as this is only a small fraction of users I can cope with that using a support process where I direct users with a missing subscription to a restore button on a settings screen.

Does this sound like it should work? I feel it has a slightly strange edge case where if you ever want to create another account on a device, the new account will always ‘eat’ your subscription, but I can live with that as I can’t really see another way (It’s not really feasible UX wise for me to ask users to restore after creating an account — it has to work automatically).