Hi @john.gateley - do you know if the auth0 extension is actively supported? An issue like this, with no responses from Auth0 makes me a bit scared of implementing it in production?
Uhh - even more depressing with this issue.
In our solution we are only using passwordless and Google auth. Therefore e-mails are always verified. Would that not make automatic account linking safe enough?