I am trying to develop a rule that will link users with the same email.
The thing is that all links in the community/Google result in 404's - do you have a valid link to this rule?
Thanks in advance
Hi Alex
This rule has been deprecated due to security issues.
Use the account linking extension instead.
John
Hi John.
The account linking extension looks promising - I will read more into this. Maybe Auth0 should throw out some redirects?
Hi @john.gateley - do you know if the auth0 extension is actively supported? An issue like this, with no responses from Auth0, makes me a bit scared of implementing it in production?
Uhh - even more depressing with this issue.
In our solution we are only using passwordless and Google auth. Therefore e-mails are always verified. Would that not make automatic account linking safe enough?
Hi Alex,
Yes, the account linking extension is supported. The official docs are here:
On those threads you posted, the original poster made comments after a cleanup bot had marked the thread as closed. We should have caught it, but I suspect the bot closing it removed it from the radar. If that ever happens, just start a new thread.
I cannot comment on the security of the scenario you are talking about. It avoids the major issue I know of, but I would need a security review before I could give it the thumbs up.
It is vulnerable to the scenario where a few months down the road you add a username/password DB into the equation and then the large security hole is open, unless you remember to come back and fix the rule.
John
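The condition discussed in the posts above (link only on verified e-mails, and do not silently start linking accounts from a later-added username/password database), sketched as an added example that is not code from this thread or from Auth0's extension. The identity shape (`userId`, `email`, `emailVerified`, `strategy`), the function names and the sample accounts are assumptions made for illustration.

```javascript
'use strict';

// Assumption: only these connection strategies prove control of the mailbox.
// Anything not listed here (for example a username/password database added
// months later) fails closed until someone reviews it and adds it on purpose.
const TRUSTED_STRATEGIES = new Set(['google-oauth2', 'email']);

function normalizeEmail(email) {
  return typeof email === 'string' ? email.trim().toLowerCase() : '';
}

// Decide whether the identity that just logged in may be linked to a candidate
// account with the same address. Returns { link, reason } so denials can be logged.
function linkDecision(current, candidate) {
  const a = normalizeEmail(current.email);
  if (!a || a !== normalizeEmail(candidate.email)) {
    return { link: false, reason: 'email-mismatch' };
  }
  if (current.userId === candidate.userId) {
    return { link: false, reason: 'same-account' };
  }
  // Both sides must qualify: an unverified or untrusted account on either side
  // would let whoever registered it take over the other one.
  for (const id of [current, candidate]) {
    if (id.emailVerified !== true) return { link: false, reason: 'unverified-email' };
    if (!TRUSTED_STRATEGIES.has(id.strategy)) {
      return { link: false, reason: 'untrusted-connection' };
    }
  }
  return { link: true, reason: 'verified-on-both-sides' };
}

function selectLinkable(current, candidates) {
  return candidates.filter((c) => linkDecision(current, c).link).map((c) => c.userId);
}

// Constructed sample accounts (not real users).
const google = { userId: 'google-oauth2|g1', email: 'alex@example.com',
                 emailVerified: true, strategy: 'google-oauth2' };
const passwordless = { userId: 'email|p1', email: ' Alex@Example.com ',
                       emailVerified: true, strategy: 'email' };
const dbUnverified = { userId: 'auth0|d1', email: 'alex@example.com',
                       emailVerified: false, strategy: 'auth0' };
const dbVerified = { ...dbUnverified, userId: 'auth0|d2', emailVerified: true };

console.log(selectLinkable(google, [passwordless, dbUnverified, dbVerified]));
```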
Thanks so much for answering. I will go ahead with the extension then, and try it out.
Hi @john.gateley - I currently struggle with 2 issues with the account link extension, just mentioning here fyi:
Thanks for your help so far, but I hope I can nail this problem soon