Auth0 Home Blog Docs

Invariant user_id and changing google login

user_id

#1

I’m implementing a new web service using auth0 to authenticate users. When the users log in, auth0 provides user_id. It’s my understanding that this user_id will be unique to that user. I will associate the user’s assets with that user_id, for ever. Whenever that user_id logs in, I give them the assets for their account.

The user_id can look like google-oauth2| for a google login, or auth0| for a username-password login.

It appears that if a user chooses username-password login, they can then change their password, email address, name, even gender, and still be given the same user_id when they log in. This is nice. It’s like opening a bank account, and changing your name, address, phone number, pin, but still having the same account and owning the same money.

But, if the user chooses to change google account used for the login, they are going to get a different user_id. I’ll need to provide some separate link, some separate administration, to connect a google-oauth2 (or any other provider) account to one of my user accounts.

Is this the way it’s meant to work? It seems rather unwieldy. Am I misunderstanding something here? Is there a standard solution to this problem?

Thanks!


#2

Hello :wave:

Thanks for the context and clearly-written question! :slight_smile: I’d like to clarify a few points before sharing any suggestions:

It’s my understanding that this user_id will be unique to that user.

That is mostly correct. The user_id is unique per connection.

But, if the user chooses to change google account used for the login, they are going to get a different user_id.

The user will not get a new user_id. Instead an entirely new user will be created for that connection.

i.e.: if a user logs-in with example@gmail.com using a DB connection and then logs-in with the Google Social Connection using the same email, they will be treated as separate accounts.

It sounds to me that you’re trying to treat a user with multiple accounts as a single entity (account). If that’s the case, you can take a look at our Account Linking Docs.

You can link accounts using the Management API: https://auth0.com/docs/api/management/v2#!/Users/post_identities

Alternatively, we have a rule which you can enable to automatically link accounts with the same email which you can enable via the Dashboard: https://github.com/auth0/rules/blob/master/rules/link-users-by-email.md

I hope that helps point you in the right direction and don’t hesitate to let me know if you have any further questions!


#3

Yes, that looks exactly what I want!

Thanks very much!