There are 3 entry points that touches the SSO with MyAccount:
Login
Link
Invite
Login
When a user tries to log in through Play, there is a lookup that is being done to know if the email address is linked to a MyAccount. On next, we need to do a look up to check if the associated Play account has an externalId.
If no Play account found or no externalId found associated to the email → Regular password input
If externalId found associated to the email → MyAccount redirect
We need to pass over the following parameters over to MyAccount in order to get the redirect URL
r='/login' // referer c='play-local' // client code identity='7e420faf-0ee2-45bb-aa34-8efbd651e003' // externalId on the Play account
This will ensure the user logs in to MyAccount to the correct account and provide the right access token back to Play.