Do you have a valid link for the auth0 rule "link-users-by-email"?

alexab · May 20, 2020, 11:31am

I am trying to develop a rule that will link users with the same email.

The thing is that all links in the community/Google results in 404’s - do you have a valid link to this rule?

Thanks in advance

john.gateley · May 20, 2020, 2:21pm

Hi Alex

This rule has been deprecated due to security issues.
Use the account linking extension instead.

John

alexab · May 20, 2020, 5:11pm

Hi John.

The account linking extension looks promising - I will read more into this. Maybe Auth0 should throw out some redirects?

alexab · May 20, 2020, 5:47pm

Hi @john.gateley - do you know if the auth0 extension is actively supported? An issue like this, with no responses from Auth0 makes me a bit scared of implementing it in production?

Uhh - even more depressing with this issue.

In our solution we are only using passwordless and Google auth. Therefore e-mails are always verified. Would that not make automatic account linking safe enough?

john.gateley · May 20, 2020, 6:03pm

Hi Alex,

Yes, the account linking extensions is supported. The official docs are here:

On those threads you posted, the original poster made comments after a cleanup bot had marked the thread as closed. We should have caught it, but I suspect the bot closing it removed it from the radar. If that ever happens, just start a new thread.

I cannot comment on the security of the scenario you are talking about. It avoids the major issue I know of, but I would need a security review before I could give it the thumbs up.

It is vulnerable to the scenario where a few months down the road you add a username/password DB into the equation and then the large security hole is open, unless you remember to come back and fix the rule.

John

alexab · May 20, 2020, 6:12pm

Thanks so much for answering I will go ahead with the extension then, and try it out.

Hi @john.gateley - I currently struggle with 2 issues with the account link extension, just mentioning here fyi:

Thanks for your help so far, but I hope I can nail this problem soon

system · June 4, 2020, 6:12pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auth0 Account Linking Extension not working? Get Help authorization-extens , extensions	4	2885	April 14, 2022
Does the account link extension support passwordless as primary account? Get Help account-linking	6	4710	February 25, 2021
Does the account link extension rule finish before executing the next rule? Get Help auth0 , auth0-rules	3	3409	January 8, 2024
Passwordless linking supported in account linking extension Product Feedback link-users , linking , passwordless , magic-link , linking-account	4	3263	October 5, 2022
Migrating Account Link Extension to Actions Get Help extensions , auth0-account-link	4	1091	August 16, 2023

Do you have a valid link for the auth0 rule "link-users-by-email"?

Related topics