Link multiple OAuth IDs on one provider to one account

Like most people, I have a work email and a personal email. I am coding a tool that allows a user to interact with APIs on Google. It works great for one account currently, although I’m looking to switch to Auth0 to make things simpler.

In this app, the user will create an account through any means (email+password or social or otherwise). We will call that the “golden record.” Then they will authorize, through OAuth, my app to make calls out to APIs on their behalf (for example, to read their Google contacts). I see that with a single account, this is easy. And, in addition, Auth0 makes it possible to link multiple providers to one golden record (see “Link User Accounts”).

After I implemented some of this in Firebase, I realized that Firebase can’t do something I need, and Auth0 neither confirms nor denies that it can: the ability to link multiple identities from a single provider to a single golden record. In other words, have my work email (Google Workspace) and personal Google account associated with a single account. Is this possible? Is it documented? I don’t need to care about merging any of the basic profile data, like pictures, so resolving conflicts therein is not an issue.

So, from the end user’s perspective, it would look like this:

  • Go to app. Click “Sign up with Google.”
  • Choose their personal Gmail account.
  • I need a bunch of OAuth scopes, so they would consent to that on a separate page.
  • Now they have an account and are signed in. Then they want to link their work account.
  • Click a button that says “Link another Google account.”
  • Redirect to OAuth consent page, grant permissions, etc.
  • That redirects back to the page. Now they have two Google accounts associated with their account on my app.

Then, after they sign out and sign back in again, they can choose either Google account, and they will be signed in identically. Is it possible with Auth0, or shall I roll my own?

Hi @liam-ssg ,

I understand you want to link multiple identities (emails) from a single provider to a single record. The existing user account linking solution can only link users from different providers with the same email as one account.

As a workaround, you can try calling the link user account endpoint to link users with different emails. I tested this endpoint, and it works fine.

Hopefully this can be helpful to you!
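The linking call suggested in the reply, as an added example (not code from the thread or from Auth0): it builds, without sending, the Management API request `POST /api/v2/users/{id}/identities` for a second Google identity, and refuses to link unless the secondary account was freshly authenticated in the same browser session. The tenant domain, token, freshness window and sample claims are assumptions constructed for illustration.

```python
import json
import time
import urllib.request
from urllib.parse import quote

TENANT = "example-tenant.example.com"  # placeholder tenant domain (assumption)
MAX_AUTH_AGE = 300  # seconds; assumed freshness window for the second login


def build_link_request(primary, secondary, mgmt_token, now=None):
    """Build (not send) the request that links `secondary` into `primary`.

    Both arguments are claims from ID tokens the backend has already
    validated (signature, issuer, audience).
    """
    now = time.time() if now is None else now
    if primary["sub"] == secondary["sub"]:
        raise ValueError("secondary identity is the primary account itself")
    # The user must have just proven control of the account being attached;
    # a stale or absent auth_time means that proof is missing.
    if now - secondary.get("auth_time", 0) > MAX_AUTH_AGE:
        raise ValueError("secondary login is stale; re-authenticate first")
    if not secondary.get("email_verified"):
        raise ValueError("secondary email is not verified")
    provider, sep, provider_uid = secondary["sub"].partition("|")
    if not sep or not provider_uid:
        raise ValueError("unexpected user_id format")
    body = json.dumps({"provider": provider, "user_id": provider_uid})
    url = f"https://{TENANT}/api/v2/users/{quote(primary['sub'], safe='')}/identities"
    return urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"})


# Constructed sample claims: personal account is primary, work account is new.
NOW = 1_700_000_000
PERSONAL = {"sub": "google-oauth2|1111", "email": "me@example.com",
            "email_verified": True, "auth_time": NOW - 3600}
WORK = {"sub": "google-oauth2|2222", "email": "me@work.example",
        "email_verified": True, "auth_time": NOW - 20}

if __name__ == "__main__":
    req = build_link_request(PERSONAL, WORK, "MGMT_TOKEN_PLACEHOLDER", now=NOW)
    print(req.get_method(), req.full_url, req.data.decode())
```

The differing email addresses are deliberately not compared: what authorizes the link is proof that the same person controls both accounts, so the check is on the freshness of the second login, not on matching profile data.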