Where account-linking provides a way to link 2 accounts, our goal is to completely replace an account with another.
Social accounts are not created until an attempted login with that idp. We therefore are unable to assign roles/permissions to that user. We are not interested in allowing that user to login via username/password, and we don’t want to require our admins to have to wait to assign roles to a user until after that user has logged in.
We create the username-password account, assign it roles/permissions, but do not give anyone access to log into this account. When the user with that same email attempts to authenticate with a given idp, Auth0 automatically creates that social account. We modify the account-linking rule to transfer roles from the username-password account to the social account, then delete the username-password account.
Has anyone attempted something like this before?
Any opinions/insights on the proposed strategy?