I am currently trying to create a login flow that goes like this:
- User signs up with SMS passwordless OTP.
- User then enters details such as email / address etc.
- Check with the Auth0 API that the email doesn’t currently exist, then add all details to the user in an external DB.
- Prompt the user to choose a password, then create a new Auth0 user via the Management API and link it to the current SMS user, in theory allowing the user to log in either way.
The issue I’m having is that while the SMS user has the correct application authorized, the newly linked user does not (even if I create them using the same clientId etc.). Even though the new account is linked as secondary, it will not let me log in to the application with the email / password method.
So my question is: is there any way to achieve this flow, allowing the user to log in via passwordless SMS + email / password without them signing up twice?