diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md
index cda65647..3a53813c 100644
--- a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md
+++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md
@@ -181,16 +181,12 @@ defmodule MyApp.Accounts.User do
     attribute :email, :ci_string, allow_nil?: false
   end
 
-  identities do
-    identity :unique_email, [:email]
-  end
-
   actions do
-    create :register_with_example do
+    create :register_with_oauth2 do
       argument :user_info, :map, allow_nil?: false
       argument :oauth_tokens, :map, allow_nil?: false
       upsert? true
-      upsert_identity :unique_email
+      upsert_identity :email
 
       change AshAuthentication.GenerateTokenChange
       change fn changeset, _ctx ->
diff --git a/lib/ash_authentication.ex b/lib/ash_authentication.ex
index e59ab080..62fa7131 100644
--- a/lib/ash_authentication.ex
+++ b/lib/ash_authentication.ex
@@ -218,7 +218,7 @@ defmodule AshAuthentication do
           %{subject: to_string(subject)},
           Keyword.put(options, :not_found_error?, true)
         )
-        |> Ash.read_one()
+        |> Ash.read_one(not_found_error?: true)
         |> case do
           # This is here for backwards compatibility with the old api
           # when this argument was not added
@@ -266,7 +266,7 @@ defmodule AshAuthentication do
       })
       |> Query.for_read(action_name, %{}, options)
       |> Query.filter(^primary_key)
-      |> Ash.read_one()
+      |> Ash.read_one(not_found_error?: true)
     else
       _ ->
         {:error, Ash.Error.to_error_class(NotFound.exception([]))}