Feature: Automatically link account by email - when configuration is ON.
Description: Many on this forum struggle with linking accounts , from the days of rules and now with Actions.
The amount of work needed for basic functionality which can be easily provided by auth0. of course this can be toggled on or off per user request.
Its also not very clear why the example is so complex that requires user consent and authentication on the other identity.
If user have logged in successfully , and it does not matter by which method - just link the accounts by email (with case insensitive) to the first account created. the concern of malicious actor described in the docs is irrelevant , users cannot pretend to someone else if they have been already authenticated with that email.
After all we control which SAML connections we trust, user cannot streal a google gmail account from another user - so what’s the big deal ?
Use-case: user start using our platform with basic user+password connection, later on their IT require the users to be logged in with their corporate SAML provider, or use corporate google login.
This user now have 2 different profiles - when we want to update it from our backend , we need to update 1 user not 2. hence the requirement for linking accounts.