We have existing functionality that lets users “link” social accounts. For example, if user A logs in, then they can navigate to a page and manually link their social accounts. With Auth0, we decided to use the link and unlink management API to link users as the extension would be new functionality.
User A decides to link their Facebook account. So they are redirected to Auth0 to sign up with their Facebook account.
We have a post-login action that will call the link management API to link the two accounts.
User A returns to the page.
My question is: can User A continue using the web application with abc@gmail.com, or will they need to re-login? Will their Auth0 session be tied to the new Facebook account?
It depends on which account you are setting as the primary user vs secondary user.
If the user signs up with their Facebook account and it is set as the primary user during account linking, the user should remain logged in as the new Facebook account they just signed up with.
If the user signs up with their Facebook account, but abc@gmail.com is set as the primary user, you must also set and return abc@gmail.com as the event.user in the Action. This will let the authentication flow continue for the user and allow them to remain logged in, but as the original abc@gmail.com account.
Note: I’ve only done this for Auth0 Rules, but for Auth0 Actions please reference this previous community post - specifically the part about returning the “new” primary user in the update
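The second case in the answer above (Facebook login, abc@gmail.com kept as primary), written as an added example that is not from the thread or from Auth0's sample code. `api.authentication.setPrimaryUser`, `api.access.deny` and the `POST /api/v2/users/{id}/identities` endpoint are Auth0's; the function names, the `mgmt` object and the way `primaryUserId` reaches the Action are assumptions.

```javascript
// Added example, not code from the thread. Auth0-provided pieces: event.user,
// api.access.deny, api.authentication.setPrimaryUser, and the endpoint
// POST /api/v2/users/{id}/identities. Everything else is an ASSUMED name.

// Link `secondary` ({provider, user_id}) under primaryUserId through the
// Management API. mgmt = {domain, token}; the token needs update:users.
async function linkViaManagementApi(mgmt, primaryUserId, secondary) {
  const url = `https://${mgmt.domain}/api/v2/users/` +
    `${encodeURIComponent(primaryUserId)}/identities`;
  const res = await fetch(url, {
    method: 'POST',
    headers: {
      authorization: `Bearer ${mgmt.token}`,
      'content-type': 'application/json',
    },
    body: JSON.stringify(secondary),
  });
  if (!res.ok) throw new Error(`link failed: HTTP ${res.status}`);
  return res.json(); // identities now attached to the primary user
}

// Core of a post-login Action (call it from exports.onExecutePostLogin).
// primaryUserId: the abc@gmail.com user, established by a flow you trust,
// never taken from an unauthenticated request parameter.
// link: injected (e.g. a wrapper around linkViaManagementApi) so the logic
// can be exercised without network access.
async function linkSocialIdentity(event, api, primaryUserId, link) {
  if (!primaryUserId || event.user.user_id === primaryUserId) return 'unchanged';
  const { provider, user_id } = event.user.identities[0]; // the Facebook identity
  const identities = await link(primaryUserId, { provider, user_id });
  // Switch the session only if the link is confirmed: setPrimaryUser fails
  // the login when the current identity is not a secondary of the target.
  const linked = identities.some(
    (i) => i.provider === provider && String(i.user_id) === String(user_id));
  if (!linked) {
    api.access.deny('account linking failed');
    return 'denied';
  }
  api.authentication.setPrimaryUser(primaryUserId); // session continues as primary
  return 'switched';
}
```

If `setPrimaryUser` is not called after linking, the login transaction still refers to the Facebook identity that started it, which is the first case the answer describes.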