There is the possibility that the username exists but the email address has changed. What should we do in these situations?

It is a normal situation, that somebody changes their email address. Discourse should follow this change, I believe. (I don't see if it was a security risk, but maybe I am wrong.)
Is it possible in a way, that the user doesn't realize anything about it? (Keeping all settings, history, badges etc.)

an error message would be displayed to the user, like: "There is already an account using this email address. If you want to use more than one account in $SITENAME, then you need to use unique email addresses for each Wikimedia account."

Or automatically offer the log in surface to the user to log in with the already existing account? (Without any prefilled field to keep the security and privacy.)

It is a typical use case, that somebody log in with different users: X and X (WMF), Y and YBot, Z1 and Z2 because of many legal reasons, and switches between them frequently. It would be more comfortable to offer a smooth way to change the log in in this case.

The plugin should check whether the incoming Wikimedia username/email already exists in the Discourse database.

Both of those can change; it should check for central user ID.
(On non-Wikimedia installations central user ID might change as well, e.g. if the site switches authentication methods. The documentation of the Discourse plugin should warn about that but does not need to address it.)

If the email already exists but the username doesn't, then an error message would be displayed to the user, like: "There is already an account using this email address. If you want to use more than one account in $SITENAME, then you need to use unique email addresses for each Wikimedia account."

s/username/central user ID/. What should the user do if they accidentally created the account from the "wrong" Wikimedia user account? Probably the MVP answer is "find a Discourse sysadmin who can change it in the database" but it would be nice to have a plan at least for how to handle it longer term.

There is the possibility that the username exists but the email address has changed. What should we do in these situations?

s/username/central user ID/. From a security perspective it is safe to merge the email addresses (add the new address as a secondary one, or even better set it as primary and add the old one as secondary); not sure how hard that is on the Discourse side.

There's also the possibility that the central user ID exists but the *username* has changed (via Wikimedia global user rename). That causes the Discourse username to mismatch the MediaWiki one; updating the Discourse username would break existing mentions. Not sure what can be done about that. It ties into the wider topic of how flexible Discourse usernames should be (e.g. what if the auto-sanitized version of my MediaWiki username is really useless, or non-unique?).

Is it in impossible, that discourse uses a user ID as a unique identifier, and our case it is the same as it is in the Wikimedia database? That would solve most of the the problems above (username and email address changes, non-uniqueness).

Two questions from the Discourse developer pertaining to this:

Are we 100% sure that usernames are unique and will remain unique? What if the Wikimedia server against which we are authenticating changes? (i.e. the site setting wikimedia auth site changes). If not, is there a user property that’s guaranteed to be unique? What about the user’s Central ID?

Is it possible to have two or more emails associated with the same account?

Usernames are unique but not permanent. We have seen attacks in the past where User:Foo is renamed to User:Bar and User:Evil social-engineers renaming themselves to User:Foo and gets access to stuff they shouldn't.

Central ID is unique and permanent. Theoretically it can change when users get merged into one or the site switches auth methods; none of that should happen in the Wikimedia cluster. (Also user merge means the merged account won't be used anymore so no issue there. Site auth switch means everything storing central IDs gets messed up so you'd have far bigger problems than Discourse; such a site would probably have to come up with a method of providing stable legacy IDs anyway.)
Slightly less theoretically, it's possible for a user to not have a central ID. It's fine to just prevent those users from logging in.

Is it possible to have two or more emails associated with the same account?

No, although there have been proposals along those lines (T129747: Proposal: allow a second email address (wikimail, password reset, notifications)). Do we need to care? The OAuth identity check is still going to provide one email address.

Thanks. In terms of making usernames uniform, even for those who used the Phabricator login method (and were allowed to create whatever username they'd like), would a good approach be to change the user's Discourse username to their Wikimedia username upon their first login with OAuth? (Sorry just dropped this here, may have been better for another related discussion but I figured I had your attention!)

I don't have a good understanding of that changing a Doscourse username entails. Presumably it will break all the @-mentions; can it cause any problems on the Discourse site beyond that?

would a good approach be to change the user's Discourse username to their Wikimedia username upon their first login with OAuth?

Here is the bug: My Wikimedia name contains a space, Discourse doesn't allow a space in the user name.