Account linking with Auth0 actions

I have a user with verified e-mail abc@domain123.com in my application, logged in with passwordless. We are now enabling SSO for domain123, and I would like a seamless experience when abc@domain123.com signs in with SSO the first time (in other words, I don’t want to present the user with any account-linking GUI. It should “just” work). I’m aware that there are some potential security vulnerabilities when doing seamless account linking, but in this specific scenario it’s ok.

I have been in contact with Auth0 support, where we discussed doing this in a rule, and I’m about to start implementing that. But then I log in to Auth0 and discover we now have something called actions :mega:.

Rules, hooks and actions :sweat_smile:

So in other words, is account-linking something I should accomplish using an action instead? And in case the answer is yes, what flow should I pick? Would love some general feedback on this one :relaxed:

update
I now have a working action that does the account linking. Works pretty well, so I will recommend using an action. Because of some logging limitations in Auth0 custom actions, I have decided to move the actual code to a server function we host, and then let the action call this endpoint.

If requested, I can add specific code snippets, but the most important part is to use the mgmt API to link the users, and then return the “new” primary user like this:

event.user = primaryUserAfterAccountLink;
return {
  user: primaryUserAfterAccountLink
}

cheers :beers:

5 Likes

Thank you for sharing your solution with the Community @alexab!

Quoting your solution here for others to see! :slight_smile: :


For anyone who finds this thread, and in the interest of clarity, changing the user context as described here apparently relies on now-deprecated functionality from the v1 programming model for the PostLogin trigger. As it stands today, only the context.primaryUser method works to change the primary user (see Context Object Properties in Rules for more details), and this only works within a Rule context.

2 Likes
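
Added example, not code from any post in this thread: the checks a silent account link should pass before the Management API is called, written as a pure function that could be used from a Rule or from the hosted server function mentioned above. The function name `planAccountLink`, the `trustedConnections` allow-list, the connection name `domain123-sso` and the sample profiles are assumptions made for illustration.

```javascript
// Added example; profiles below are constructed sample data.
const SAMPLE_EXISTING = {            // passwordless account already in the tenant
  user_id: 'email|constructed-1', email: 'abc@domain123.com', email_verified: true,
  identities: [{ provider: 'email', user_id: 'constructed-1' }],
};
const SAMPLE_SSO = {                 // same person, first login through SSO
  user_id: 'samlp|constructed-2', email: 'ABC@domain123.com', email_verified: true,
  identities: [{ provider: 'samlp', user_id: 'constructed-2' }],
};

// Decide whether the identity that just logged in may be linked without a prompt.
// Returns the Management API request to send, or null when linking is not safe.
function planAccountLink(currentUser, connection, trustedConnections, sameEmailUsers) {
  // Only connections we explicitly trust to assert the address (hypothetical allow-list).
  if (!trustedConnections.includes(connection)) return null;
  // Never link on an unverified address.
  if (!currentUser.email || currentUser.email_verified !== true) return null;
  const email = currentUser.email.toLowerCase();

  const candidates = sameEmailUsers.filter((u) =>
    u.user_id !== currentUser.user_id &&
    u.email_verified === true &&
    typeof u.email === 'string' &&
    u.email.toLowerCase() === email);
  // None: nothing to link. More than one: ambiguous, do not guess.
  if (candidates.length !== 1) return null;

  const primary = candidates[0];
  const identity = currentUser.identities[0];
  return {
    primaryUserId: primary.user_id,  // in a Rule: context.primaryUser = primaryUserId
    method: 'POST',
    path: '/api/v2/users/' + encodeURIComponent(primary.user_id) + '/identities',
    body: { provider: identity.provider, user_id: String(identity.user_id) },
  };
}

console.log(planAccountLink(SAMPLE_SSO, 'domain123-sso', ['domain123-sso'],
  [SAMPLE_EXISTING, SAMPLE_SSO]));
```

A `null` result means the login should continue with the accounts left unlinked; the link request is only sent when exactly one verified account with the same address exists.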