Auth0 Account Linking Extension not working?

I just set up the Auth0 Account linking for our tenant. Currently we have users with a username/password login. We also just added Google login. I enabled the extension and changed the domain in the rule to our custom domain, and when I login with google it takes me to the account linking page as expected. I tell it to link and it redirects me back to login which I then do, but when I go check in Auth0, the google account does not share any of the roles/scopes from the shared account. In addition I don’t see multiple identities under either of the users as I would expect from

Everything on paper seems to be working but I must be missing something.

Hi @bconrad ,

Welcome to the Auth0 Community!

The Auth0 Account linking extension can link users with the same email but different connections as one user/entity on the Auth0 dashboard.

I tested this issue and noticed that the roles from the username-password connection are not saved under the new user after account linking. I will continue looking into this and will get back to you.

Meantime, let’s see if anyone from our community can shed some light on this topic.

1 Like

Hi there. Just wanted to check if there is any update to this issue?

Hi @bconrad ,

Sorry about the delay.

I did more research on this topic. There are two options for assigning roles/scopes to users.

  1. Core RBAC
  2. Authentication Extension

For the Core RBAC feature, we create the roles and assign them to users on the Auth0 dashboard → User Management → Users/Roles. And we can see the details in the user settings.

The Authentication Extension is a legacy implementation and will be replaced by the Core RBAC feature eventually. With the Authorization Extension, we store authorization data like groups, roles, or permissions in the outgoing token issued by Auth0. So the groups/roles are not visible in the user settings regardless of whether users are linked or not.

Is there any reason you want to use the Authentication extension instead of the Core RBAC feature?

My question didn’t have to do with the Authentication Extension, it had to do with the Account Linking Extension. When a user logs in with Google but already has a user/pass account, it prompts them to link accounts, but then when I go check the new Google account that was created in Auth0, doesn’t have any of the roles or permissions of the account it was linked it.

We want to move our users from user/pass to google login but want to avoid having to manually transfer roles and permissions.