1. why customers have the options to remove their external authentication record ?
there should be a setting allow admin to ignore that.
2. main problem
Registered customers or customers who removed the external record and wishes to login with facebook, the system returns an message: "email already exists" and block the login.
I think in this case the system should create an external authentication record on the existing customer account and let the customer proceed with the facebook login.
my suggestion is let customers create and external record on an existing registered account
Provides access to the person's primary email address via the email property on the user object.
Do not spam users. Your use of email must comply with both Facebook policies and with the CAN-SPAM Act.
Note, even if you request the email permission it is not guaranteed you will get an email address. For example, if someone signed up for Facebook with a phone number instead of an email address, the email field may be empty.
Your app may use this permission without review from Facebook.
Users who are registered by their phone number not by email, in that case Facebook dont provide email address. In that case we have to change logic for Facebook authentication