I’m implementing a new web service using auth0 to authenticate users. When the users log in, auth0 provides user_id. It’s my understanding that this user_id will be unique to that user. I will associate the user’s assets with that user_id, for ever. Whenever that user_id logs in, I give them the assets for their account.
The user_id can look like google-oauth2| for a google login, or auth0| for a username-password login.
It appears that if a user chooses username-password login, they can then change their password, email address, name, even gender, and still be given the same user_id when they log in. This is nice. It’s like opening a bank account, and changing your name, address, phone number, pin, but still having the same account and owning the same money.
But, if the user chooses to change google account used for the login, they are going to get a different user_id. I’ll need to provide some separate link, some separate administration, to connect a google-oauth2 (or any other provider) account to one of my user accounts.
Is this the way it’s meant to work? It seems rather unwieldy. Am I misunderstanding something here? Is there a standard solution to this problem?