I’m setting up automatic migration of my existing username/password auth users. It works just as you’d expect: a user attempts password login the first time, my database is accessed for a representation of the user, and they are created in the Auth0 system.
I’m also using account linking. Again, this works exactly as you’d expect: a user logs in with a social account, Auth0 checks for their email, and links their account with an existing user if possible.
My question, then, is how these systems work together… It appears that Auth0 does NOT attempt to run automatic migration for a social login. Is this true? My observation is this:
I login with my Gmail account before ever logging in with username/password. Automatic migration does no run, so a new gmail-specific user is created.
Next, I logout and then log back in with my username/password. This runs automatic migration, and pulls my user record from my database. It also detects that the account email matches a Gmail login, so attempts to link them.
While this process technically works, what I end up with is a gmail user that has my password user attached to it. It would expect the reverse to be true: I want a password user with a gmail user attached to it. Should automatic migration have run to create the password user for that email address before creating the social account? If not, is there a way to specify which account candidate is primary/secondary while performing account linking?