Find the Correct Linked User

Problem statement

There is a requirement to link two users associated with the same connection as a secondary account to another connection. For further information, refer to User Account Linking.

However, when the user attempts to log in from one of the linked secondary accounts, it is not possible to identify which instance of that user is logging in during the execution of Rules or Actions.

Explain how Rules or Actions can identify which instance of a linked user account is associated with the current login flow.

Steps to reproduce

In summary:

  1. Link more than one account from a connection
  2. Log in with one of those accounts
  3. The instance of that user’s linked identity cannot be clearly determined from within Rules or Actions

Cause

During the execution of Rules or Actions, it is possible to determine the active connection. However, the linked secondary identity cannot be ascertained. This is a current limitation of the product.

Solution

Current Limitations

The ideal solution is to have the currently logged-in user’s identity linked as a secondary account in the Rules and/or Actions.

Actions Limitations

At this moment in time, Actions has the following limitations about Account Linking:

  • primary_user_id is limited to 128 characters
  • setPrimaryUser can be called once per transaction
  • Any userMetadata set in the same Action as setPrimaryUser is discarded and will be lost. Subsequent Actions within the same transaction will retain userMetadata on the new primary user.
  • setPrimaryUser can not be used in the same transaction where a Rule sets context.primaryUser.

For further information, refer to Actions - Limitations

Login Flow of Actions

The Login Flow of Actions currently only permits changing the Primary user for the login transactions. This is achieved through an API call to api.authentication.setPrimaryUser(primary_user_id)
For further information, refer to Actions Triggers - post-login API Object

Request the feature

At the time of this writing ( February 2024), there is no solution to determining the linked secondary identity. Customers who would like to see this feature in a future release of Auth0 are encouraged to submit a feature request via our Customer Feedback page. This will help our Product team to determine priorities for future releases.

Related References