How to create & link social accounts with organizations?

Hi there. I’m struggling with a relatively basic use case and can’t find an answer for it.

I have “Organizations” turned on and required for my app. Users can sign in via email/pw or a social provider (i.e. GitHub). I’m trying to add an “Add a social provider” function, but the frontend & backend flows are distinct from one another and if the email doesn’t match for the two accounts, there’s somehow no way to link them. The callback from GitHub works and Auth0 creates a new social user, but the primary user id is missing in the backend request, and the frontend doesn’t get the secondary (social) user id, so I can’t connect the two?

What’s the best way to handle this?

Hi @PatrickHeneise

Welcome back to the Auth0 Community!

From what I understand, it appears that when the user tries to add a social account, their session is being replaced with the social one instead of keeping the initial session and just extracting the profile information in order to initiate the account linking. Your main approach would be to link the account depending on the user validating the credentials and not link them if the emails are matching since some social providers do not require you to have an email attached to the account.

Since the approach that you are talking about appears to be a User Initiated Account Linking, you would need to first have the user authenticate inside the app and then verify the credentials of the account that they wish to link.

I would highly recommend going through our User Account Linking documentation since it should tackle the issue of the email address not matching because this type of account linking can be done regardless of that. If you have any other questions or issues, let me know!

Kind Regards,
Nik

Thanks @nik.baleca! I’ve been going through several iterations based on the account linking docs, hence my question here as it’s not working as expected.

I tried both the popup and redirect to the Auth0 screen to authenticate GitHub. The problem with the account linking is that both accounts need to exist, so I initiate the account creation and that works. The session/JWT is not replaced, I’m still logged in with my username/password account, but I get an error that the new user requires organization membership. In the callback from Auth0 I don’t seem to get the secondary account ID, so I can’t send that to my backend to link the accounts.

I’m using the react-sdk and followed this example: auth0-link-accounts-sample/SPA/public/js/app.js (master branch of auth0-samples/auth0-link-accounts-sample on GitHub). What am I missing?

This is what Claude tells me the problem is:

1. User clicks “Link GitHub” → useGitHubLinking redirects to https://{domain}/authorize?..

2. Auth0 authorization endpoint checks organization_usage = “require” on the client

3. Auth0 blocks the request because we’re not passing an organization parameter (by design - the secondary account doesn’t belong to any org yet)

4. Auth0 redirects back to our callback with error=invalid_request&error_description=client requires organization membership…

5. Our callback code reads the error parameters and displays them (working correctly)

Is that truly the problem, that I require the organization? The (GitHub) user is created in Auth0 without the org, so linking it to an account with org should be possible, no?
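
The callback handling described in steps 4 and 5 above, as an added example that is not part of the original posts or of Auth0's sample code: it checks `state` before trusting any parameter and maps the organization error to a fixed code instead of rendering the URL-supplied description. The function name, the use of a stored `state` value and an authorization `code` response, and all sample URLs are assumptions.

```javascript
// Hypothetical helper: classify the redirect that comes back after the
// "Link GitHub" /authorize request. `expectedState` is the random value the
// app stored before redirecting (assumption: the app sends a `state` parameter).
function parseLinkCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;

  // Reject anything whose state does not match before reading other
  // parameters, so a forged callback cannot start or influence a link.
  const state = params.get('state');
  if (!expectedState || state !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }

  const error = params.get('error');
  if (error) {
    const description = params.get('error_description') || '';
    // Map to a fixed code. The description is URL-supplied text: log it or
    // show it as plain text only, never insert it into the page as HTML.
    const reason =
      error === 'invalid_request' &&
      description.includes('requires organization membership')
        ? 'organization_required'
        : 'authorization_error';
    return { ok: false, reason, error };
  }

  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  return { ok: true, code };
}

// Constructed sample callbacks (origin, state and code values are made up;
// the error text is the visible part of the message quoted in step 4).
const SAMPLE_STATE = 'constructed-state-123';
const samples = {
  orgError: 'https://app.example/callback?state=constructed-state-123' +
    '&error=invalid_request' +
    '&error_description=client%20requires%20organization%20membership',
  forged: 'https://app.example/callback?state=other&code=abc',
  success: 'https://app.example/callback?state=constructed-state-123' +
    '&code=constructed-code',
};

for (const [name, url] of Object.entries(samples)) {
  console.log(name, parseLinkCallback(url, SAMPLE_STATE));
}
```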