Hello,
I have a Custom Database connection with “Import Users to Auth0” flag currently disabled (the external database should remain the source of truth for users).
I’m adding Google Login support (on top of username/password) and would like to set it up so that it only allows login if you’re already a registered user in the database.
From what I’ve found out so far, this probably should be done using a custom Action that runs post login. I imagine the action should work like this:
    if the user logs in using a social connection:
        if email is not validated in social connection:
            reject login with error message
        find Database user with the same e-mail
        if user is found and has social login enabled in metadata:
            merge Google identity into Database identity
            finalize login with merged Database identity
        else
            reject login with error message
I already found that I can use Management API within the Action in order to search users (/api/v2/users/{id}/organizations) and perform the actual identity merge, however there’s a problem:
Looks like the search API won’t find the user if the user has never logged in via username/password before. I tried this by searching for an e-mail using the API (no hits) and then trying the same e-mail in the Custom Database dashboard when testing the Get User script (this time the user was found).
I think I need some kind of way to tell Auth0 to “import” the user profile from my Custom Database by e-mail, so that I receive an Auth0 ID which I can then pass to Identity Merge API. But I only found the Bulk Import API that creates a background job and is not usable from within an Action.
What would be the correct way to move forward?
Best,
- Tom
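
The gating flow sketched in the post, written out as an added example that is not part of the original post and is not Auth0's own code. It covers only the allow/deny/link decision: the database users matching the e-mail are passed in as `candidates`, so it does not address the lookup problem raised above. The `decideSocialLogin` function, the `social_login_enabled` metadata flag, the reason strings and the sample data are hypothetical; the `event.connection.strategy`, `event.user.email` and `event.user.email_verified` fields follow the post-login Action event object.

```javascript
// Added example: decision logic only, no Management API calls.
// Assumption: Google is the only social connection enabled on the tenant.
const SOCIAL_STRATEGIES = new Set(['google-oauth2']);

// candidates: database-connection users already looked up for this e-mail.
function decideSocialLogin(event, candidates) {
  // Username/password logins against the database connection pass through.
  if (!SOCIAL_STRATEGIES.has(event.connection.strategy)) {
    return { action: 'continue' };
  }
  const { email, email_verified: verified, user_id: socialId } = event.user;
  // Linking by e-mail is only safe when the provider vouches for the address.
  // Require a strict boolean true so a truthy string cannot pass the gate.
  if (typeof email !== 'string' || email === '' || verified !== true) {
    return { action: 'deny', reason: 'email_not_verified' };
  }
  // Assumption: the database treats e-mail addresses case-insensitively.
  const wanted = email.trim().toLowerCase();
  const matches = candidates.filter(
    (u) => typeof u.email === 'string' && u.email.trim().toLowerCase() === wanted
  );
  // Zero hits: not a registered user. More than one: ambiguous, fail closed.
  if (matches.length !== 1) {
    const reason = matches.length === 0 ? 'not_registered' : 'ambiguous_match';
    return { action: 'deny', reason };
  }
  const dbUser = matches[0];
  const meta = dbUser.app_metadata || {};
  if (meta.social_login_enabled !== true) { // hypothetical opt-in flag
    return { action: 'deny', reason: 'social_login_disabled' };
  }
  // The database identity stays primary; the Google identity is attached to it.
  return { action: 'link', primaryUserId: dbUser.user_id, secondaryUserId: socialId };
}

// Constructed sample data so the function can be exercised offline.
const sampleDirectory = [
  { user_id: 'auth0|db-1', email: 'Alice@Example.com',
    app_metadata: { social_login_enabled: true } },
  { user_id: 'auth0|db-2', email: 'bob@example.com', app_metadata: {} },
];
const googleEvent = (email, emailVerified) => ({
  connection: { strategy: 'google-oauth2' },
  user: { user_id: 'google-oauth2|123', email, email_verified: emailVerified },
});
```

In an Action, a `deny` result would map to `api.access.deny(...)`, and a `link` result to the identity merge call mentioned in the post.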