Problem statement
There is a requirement to link two users associated with the same connection as a secondary account to another connection. For further information, refer to User Account Linking.
However, when the user attempts to log in from one of the linked secondary accounts, it is not possible to identify which instance of that user is logging in during the execution of Rules or Actions.
Explain how Rules or Actions can identify which instance of a linked user account is associated with the current login flow.
Steps to reproduce
In summary:
- Link more than one account from a connection
- Log in with one of those accounts
- The instance of that user’s linked identity cannot be clearly determined from within Rules or Actions
Cause
During the execution of Rules or Actions, it is possible to determine the active connection. However, the linked secondary identity cannot be ascertained. This is a current limitation of the product.
Solution
Current Limitations
The ideal solution is to have the currently logged-in user’s identity linked as a secondary account in the Rules and/or Actions.
Actions Limitations
At this moment in time, Actions has the following limitations about Account Linking:
primary_user_id
is limited to 128 characterssetPrimaryUser
can be called once per transaction- Any userMetadata set in the same Action as
setPrimaryUser
is discarded and will be lost. Subsequent Actions within the same transaction will retain userMetadata on the new primary user. setPrimaryUser
can not be used in the same transaction where a Rule setscontext.primaryUser.
For further information, refer to Actions - Limitations
Login Flow of Actions
The Login Flow of Actions currently only permits changing the Primary user for the login transactions. This is achieved through an API call to api.authentication.setPrimaryUser(primary_user_id)
For further information, refer to Actions Triggers - post-login API Object
Request the feature
At the time of this writing ( February 2024), there is no solution to determining the linked secondary identity. Customers who would like to see this feature in a future release of Auth0 are encouraged to submit a feature request via our Customer Feedback page. This will help our Product team to determine priorities for future releases.