How to determine which authentication source was used

Is it possible to determine how the user was authenticated? In my setup, the user can be authenticated by Facebook, GitHub, LinkedIn or Auth0 username/password. I also have it set up so accounts are linked based on the same email address. For one of my test accounts, I have Facebook & LinkedIn profiles linked. I can see these 2 identities returned. Every time I log in using either Facebook or LinkedIn, the ‘sub’ returned is always the LinkedIn value. So, I’m not able to determine if the user authenticated via Facebook or LinkedIn.

My objective is to understand which service the user used to log in with so I can display an icon representing which service they used. With my test account, I want to display LinkedIn when authenticated via LinkedIn or show Facebook when authenticated via Facebook. How do I surface from Auth0 which service was used for authentication?

@Tom_Schreck I am not sure if there is a better way, but I can see two ways to figure this out:

First way: Inside the id_token and access_token there is a sub claim in the payload that contains the user id. Each type of connection (google, twitter, db, saml, etc.) will have a custom prefix. You could inspect the id_token in your application or the access_token in your API to discover this connection.

Second way: If you don’t want something a bit more explicit you can add a claim in the id_token and/or access_token to specify the connection name. To do this you can write a rule that does this:

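```js
function addConnectionClaim(user, context, callback) {
  // add connection name to id_token
  context.idToken['https://yourdomain.com/claims/connection'] = context.connection;

  // add connection name to access_token
  context.accessToken['https://yourdomain.com/claims/connection'] = context.connection;

  // hand control back to the rules pipeline
  callback(null, user, context);
}
```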

Then you could inspect the tokens to retrieve the connection that was used.

1 Like
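An added example (not part of the thread and not Auth0's code) of reading the claim that the rule writes, using the case from the question where `sub` keeps the LinkedIn value while the login went through Facebook. It assumes the token's signature, issuer and audience were already validated by the application's JWT library; the icon keys and the sample token are constructed, and the connection names in the allowlist are assumed to match the tenant's.

```javascript
// Namespaced claim written by the rule in the answer above.
const CONNECTION_CLAIM = 'https://yourdomain.com/claims/connection';

// Allowlist: connection name -> icon key (icon keys are hypothetical).
// Unknown or malformed claim values never reach the UI as a raw string.
const ICONS = new Map([
  ['facebook', 'icon-facebook'],
  ['github', 'icon-github'],
  ['linkedin', 'icon-linkedin'],
  ['Username-Password-Authentication', 'icon-password'],
]);

// Decode the payload segment of a compact JWT. No verification happens here:
// call this only on a token that has already been validated.
function decodePayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Provider implied by the `sub` prefix. In the question's linked-account
// setup this stays the same whichever provider was used to log in.
function providerFromSub(claims) {
  const sub = typeof claims.sub === 'string' ? claims.sub : '';
  const i = sub.indexOf('|');
  return i > 0 ? sub.slice(0, i) : null;
}

// Icon for the connection used on this login, taken from the rule's claim.
function iconForLogin(claims) {
  const conn = claims[CONNECTION_CLAIM];
  return (typeof conn === 'string' && ICONS.get(conn)) || 'icon-unknown';
}

// Constructed sample token (placeholder signature, never verified here).
function sampleToken(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(payload)}.constructed-signature`;
}

const claims = decodePayload(sampleToken({
  sub: 'linkedin|constructed-id',
  [CONNECTION_CLAIM]: 'facebook',
}));
console.log(providerFromSub(claims), iconForLogin(claims)); // linkedin icon-facebook
```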

Thank you very much. Your suggestion for a rule did the trick!

2 Likes