How is user_id generated with google-oauth2?

We have Auth0 configured to allow login with Google as a social connection. When people log in, they get a user_id in the form of google-oauth2|0011223344556677889900.

Where does this value come from, or how is it generated? Even when they log into a different Auth0 tenant, they still get the same user_id… or so I thought.

Until today, I’ve noticed that users with the same gmail address always have exactly the same user_id values among different Auth0 tenants. But today I came across a case where one user had different user_id values for the same email address! I think it’s probably related to the fact that the user’s email address changed after the initial account was created, and then one of the Auth0 accounts was deleted and re-created.

Where can I find documentation about this value that lays out exactly what assumptions are safe to make, and under what circumstances the value might change?

Hi @nic.waller,

The assumptions you can make are listed here:

There isn’t much in terms of guidance that we give. It looks like you can assume it will be unique, and you can predict the provider.

They are as yet working however it is prescribed to move to a validation through google OAuth2 get to tokens.

Hi @nancyhawkins181,

Im not sure I understand what you mean Can you explain?

That page didn’t quite answer my question, so I submitted a pull request to improve that page.

Thanks for adding the PR @nic.waller. The docs team will take a look.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.