Account Linking Skip Option

Hello guys,

I’m using the Account Linking Extension and I was wondering if there’s a way to hide the option to skip the linking and only show the “Continue” option.

image

2 Likes

Hey there!

Not sure about it but let me research that and get back to you as soon as I find something!

1 Like

Hi @konrad.sopala, do you have any updates on this?

As an alternative, we could setup a config to automatically link accounts without user permission. Is it possible?

regards,
Bruno.

1 Like

Not yet. Let me reping the team!

1 Like

I’m also interested in doing this. We’d like to have only one account per email in our database, and having multiple ones in Auth0 just causes confusion.

hi! Any updates on this?

1 Like

Hi all,
we just ran into the exact same problem. A user used a social login and chose to skip the linking, causing quite a few bugs in our backend.
I also couldn’t find a clean way to remove the skip option, so I just used a “hacky” way:

I just added custom CSS #skip{display:none} and it’s gone. Obviously not the cleanest thing todo, but it works.

Hope this can help some of you

1 Like

Thanks for sharing it with the rest of community!

1 Like

Hi @konrad.sopala,

We are also looking into disabling the skip option to force the user to link the social account.
However, the hack suggested by @fabian.uc is no longer valid as the option to add CustomCSS is removed in the latest version of the extension.
Please suggest an alternative.

I would also like to know if there is a way to identify whether a user chose to skip and create a separate account because social accounts are already created before the account linking screen.

This is to know whether the user made the choice to not link, so that we can prompt them to link again via our UI. As I see Auth0 asks only once to select.

Thank you

1 Like

Hello! Any updates on this matter? I would like to remove the “I want to skip this and create a new account.” option, as an easy way to force users to create a single account with their permission.

Hey Eva

As mentioned before it can be a bit hacky but can be done with CSS. This is the CSS I’ve decided to use

.auth0-lock-alternative {
      display: none;
}

But once this is done you will start to get an issue if the user decides to close the browser tab and try again they will no longer see the option to link accounts.

I managed to get around this by changing the rule that the account-link extension installs. It has this function on there

function firstLogin() {
    return context.stats.loginsCount <= 1;
}

I changed this logic to include a check for some app metadata that I install for every new user on the application, after this whenever the user returns with a newly created duplicated account it will come up with the prompt until the user decides to merge the accounts.

function firstLogin() {
    return context.stats.loginsCount <= 1 || !user.app_metadata || !user.app_metadata.registered_on_app;
}

Hope this was helpful

2 Likes

Although these suggestions (reflected also in the GitHub issue which I myself have contributed to) can help achieve the objective of forcing account linking, at the end of the day, we felt there must be a reason why Auth0 doesn’t provide this natively and we have to resort to what are essentially “hacks” to work around it.

Could it be that it reduces the security of the login system, defeating the purpose of using Auth0 in the first place?

Perhaps the right approach without hacks is to give the users an option to link accounts (in Auth0) to access the same data in your app using any of the linked accounts, or to create two separate data accounts in your app by choosing to skip linking. Maybe Auth0 wants us to be user-centric, in that we leave the choice of linking up to the user, and we honor that choice.

To achieve this though, in our app, we should be using the Auth0 subject (not the email) to identify the data that belongs to the user logged in. It is of course possible to use the email to identify the data, but then the accounts become quasi-linked in your app without them being truly linked in Auth0 - which can be considered insecure.