Best practices for Social Login

I’ve recently enabled a few of the social logins - which is great, it seems to really speed up the sign-in / sign-up process.
The trouble is now, I’m getting returning users coming back, forgetting which social login they used and trying to use the password reset flow to gain access. Given they have no password with us, this does not work, and they get frustrated and require support.
I am going to enable the account linking app to at least mitigate some of the issues, but even after I do this, it won’t solve this exact problem of a user who has never created a username-password account in our tenant.
Is there a way to automatically create a linked account from a social login, or some other way to recognize an existing social login user and prompt them?

Hi @api-nick,

There isn’t a built in function to handle this type of UX, but you could build something in rules.

When a social user logs in for the first time, you can create a username/pw account for them with the same email and link the accounts. Then, if they try to do a pw reset, they should be able to get the email reset link and go from there.

Does that make sense?

1 Like

Ah yes, that makes sense.
I see the create user API, and I know there’s an API to link accounts too. Presumably I can either create a random dummy password or not specify one at all?

You must specify a password. In this case, you could add a random password as a placeholder.

This library is available in rules, and is very straight forward:

Hopefully that helps!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.