The user object returned by useAuth0 (“@auth0/auth0-react”: “^1.12.1”) does not provide the user_id. Therefore, if there are multiple accounts with the same email address, which would occur where a user registered multiply through different social and auth0 connections, I see no way by which the application could know which of the user accounts has logged in.
I suppose there might be some scenarios where an application would not need to disambiguate between these accounts, treating them collectively, for its purposes, as the same logical user. However, in my case, my backend will be gleaning user details from the user objects returned by the ‘…/users-by-email’ endpoint, which could differ between the connections and, in any event, I would like to maintain an accurate link between my internal user account and an Auth0 user account.
Is there a tenant application configuration for guarding against the registration of multiple accounts with the same email? Otherwise, do you have any suggestions on how to resolve this?
Thanks for getting back. I believe I found the ‘user’ object’s ‘user_id’ property, but for some reason it is being named ‘sub’ on the version of the user object that is retrieved by the useAuth0 function of the @auth0/auth0-react library.
Here is the ‘sub’ property value of one of my test accounts:
auth0|63e54a3012d4e9a01f315f33
It is working for me, with the user_id allowing me to retrieve the richer amount of user information readily available from the management API which I call from my resource server.
BTW, apologies for my delayed responses as I am not getting email notifications to my O365 tenant. I understand from posts I’ve seen on this forum that there is a system enhancement pending for the Auth0 system to bring it up to the SMTP security progression adopted by MS late last year?
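Added example, not part of the original posts and not Auth0's own code: a backend sketch that keys the internal account on the token's `sub` rather than on email, so two Auth0 accounts sharing one address stay distinct, and that percent-encodes the `|` when building the Management API user path. It assumes the claims come from a token the resource server has already verified; the tenant domain, the social `sub` and the email are constructed, and the function names are hypothetical.

```javascript
// Split "provider|id" on the first pipe only; the id part may itself contain pipes.
function parseSub(sub) {
  if (typeof sub !== "string") throw new TypeError("sub claim missing");
  const i = sub.indexOf("|");
  if (i <= 0 || i === sub.length - 1) throw new Error("unexpected sub format: " + sub);
  return { provider: sub.slice(0, i), id: sub.slice(i + 1) };
}

// URL of GET /api/v2/users/{id}. The pipe in the user_id must be percent-encoded.
function managementUserUrl(domain, sub) {
  parseSub(sub); // reject malformed ids before they reach the request path
  return "https://" + domain + "/api/v2/users/" + encodeURIComponent(sub);
}

// Internal account store keyed by sub. Email is kept as an attribute, never as the key.
function findOrCreateAccount(store, claims) {
  const { provider } = parseSub(claims.sub);
  let account = store.get(claims.sub);
  if (!account) {
    account = {
      internalId: store.size + 1,
      auth0UserId: claims.sub,
      provider: provider,
      email: claims.email,
    };
    store.set(claims.sub, account);
  }
  return account;
}

// Constructed claims: same email, two different connections.
const demoStore = new Map();
const dbLogin = { sub: "auth0|63e54a3012d4e9a01f315f33", email: "user@example.com" };
const socialLogin = { sub: "google-oauth2|000000000000000000001", email: "user@example.com" };

console.log(findOrCreateAccount(demoStore, dbLogin));
console.log(findOrCreateAccount(demoStore, socialLogin));
console.log(managementUserUrl("tenant.example.com", dbLogin.sub));
```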