Import single user from Custom Database connection for account linking

Hello,

I have a Custom Database connection with “Import Users to Auth0” flag currently disabled (the external database should remain the source of truth for users).

I’m adding Google Login support (on top of username/password) and would like to set it up so that it only allows login if you’re already a registered user in the database.

From what I’ve found out so far, this probably should be done using a custom Action that runs post login. I imagine the action should work like this:

if the user logs in using a social connection:
    if email is not validated in social connection:
        reject login with error message
    find Database user with the same e-mail
    if user is found and has social login enabled in metadata:
        merge Google identity into Database identity 
        finalize login with merged Database identity
    else:
        reject login with error message

I already found that I can use Management API within the Action in order to search users (/api/v2/users/{id}/organizations) and perform the actual identity merge, however there’s a problem:

Looks like the search API won’t find the user if the user has never logged in via username/password before. I tried this by searching for an e-mail using the API (no hits) and then trying the same e-mail in the Custom Database dashboard when testing the Get User script (this time the user was found).

I think I need some way to tell Auth0 to “import” the user profile from my Custom Database by e-mail, so that I receive an Auth0 ID which I can then pass to the Identity Merge API. But I only found the Bulk Import API, which creates a background job and is not usable from within an Action.

What would be the correct way to move forward?

Best,

  • Tom
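The gate sketched in the pseudocode above, written as a pure decision function. This is an added example, not part of the original post and not Auth0's code. It assumes the caller has already looked up database users by e-mail and passes the result in; the `social_login_enabled` metadata flag, the reason strings and the sample values are constructed.

```javascript
// Decision logic only: nothing here calls Auth0. The event fields mirror the
// post-login event (connection.strategy, user.email, user.email_verified).
const SOCIAL_STRATEGIES = new Set(['google-oauth2']);

function normalizeEmail(email) {
  return typeof email === 'string' ? email.trim().toLowerCase() : '';
}

// dbMatches: database-connection users found for the e-mail (looked up by the caller).
function decideSocialLogin(event, dbMatches) {
  // Username/password logins are not affected by this gate.
  if (!SOCIAL_STRATEGIES.has(event.connection.strategy)) {
    return { action: 'continue' };
  }
  // Linking on an unverified address would let anyone claim a database account.
  if (event.user.email_verified !== true) {
    return { action: 'deny', reason: 'email_not_verified' };
  }
  const email = normalizeEmail(event.user.email);
  if (!email) return { action: 'deny', reason: 'email_missing' };

  // Re-check the address locally instead of trusting the search result.
  const matches = (dbMatches || []).filter((u) => normalizeEmail(u.email) === email);
  if (matches.length === 0) return { action: 'deny', reason: 'not_registered' };
  // More than one candidate is ambiguous, so fail closed rather than guess.
  if (matches.length > 1) return { action: 'deny', reason: 'ambiguous_match' };

  const dbUser = matches[0];
  // Hypothetical opt-in flag ("has social login enabled in metadata").
  if (!(dbUser.app_metadata && dbUser.app_metadata.social_login_enabled === true)) {
    return { action: 'deny', reason: 'social_login_disabled' };
  }
  // The database identity stays primary; the social identity is merged into it.
  return { action: 'link', primaryUserId: dbUser.user_id, secondaryUserId: event.user.user_id };
}

// Constructed sample input.
const sampleEvent = {
  connection: { strategy: 'google-oauth2' },
  user: { user_id: 'google-oauth2|1001', email: ' Tom@Example.com ', email_verified: true },
};
const sampleDbUser = {
  user_id: 'auth0|db-42', email: 'tom@example.com',
  app_metadata: { social_login_enabled: true },
};
console.log(decideSocialLogin(sampleEvent, [sampleDbUser]));
```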

I am facing a similar issue. I need to send a password change e-mail to the user before he logs in for the first time, but the user already exists in our database. To create a password change ticket we need the user’s id, but we cannot get it if the user was never “imported” into Auth0.