I am trying to develop a rule that will link users with the same email.
The thing is that all links in the community/Google results in 404โs - do you have a valid link to this rule?
Thanks in advance 
Hi Alex
This rule has been deprecated due to security issues.
Use the account linking extension instead.
John
1 Like
Hi John.
The account linking extension looks promising - I will read more into this. Maybe Auth0 should throw out some redirects?
Hi @john.gateley - do you know if the auth0 extension is actively supported? An issue like this, with no responses from Auth0 makes me a bit scared of implementing it in production?
Uhh - even more depressing with this issue.
In our solution we are only using passwordless and Google auth. Therefore e-mails are always verified. Would that not make automatic account linking safe enough?
Hi Alex,
Yes, the account linking extensions is supported. The official docs are here:
On those threads you posted, the original poster made comments after a cleanup bot had marked the thread as closed. We should have caught it, but I suspect the bot closing it removed it from the radar. If that ever happens, just start a new thread.
I cannot comment on the security of the scenario you are talking about. It avoids the major issue I know of, but I would need a security review before I could give it the thumbs up.
It is vulnerable to the scenario where a few months down the road you add a username/password DB into the equation and then the large security hole is open, unless you remember to come back and fix the rule.
John
1 Like
Thanks so much for answering 
I will go ahead with the extension then, and try it out.
Hi @john.gateley - I currently struggle with 2 issues with the account link extension, just mentioning here fyi:
- Does the account link extension support passwordless as primary account?
- Does the account link extension rule finish before executing the next rule?
Thanks for your help so far, but I hope I can nail this problem soon 
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.