Linking Accounts from Two Custom Social Connections

I’m looking for some advice/guidance on how to solve the following situation. We have two different custom social connections set up (different client IDs, token URLs, etc.), but they are backed by the same underlying user database. Both connections are OIDC compliant, and the custom social connection is set up to request the ‘sub’ scope so as to retrieve the user id.

I’m looking for a way during the login flow to link identities from both of these connections to the same user in auth0 if the user id has been seen from the other connection before (otherwise create the user).

I have a basic understanding of the pseudocode to accomplish this, but some of the actual implementation details are a bit fuzzy for me.

  1. User logs in with one of the connections.
  2. Try to find user with the given id from one of the connections.
  3. Link the identity to user if it exists.

What’s the best way to accomplish this? Would it be a rule that runs when either of these connections is used? Or is it possible to customize the fetch user profile script that’s part of the custom social connection to do this?

If it’s a rule, does the rule run at a point in the pipeline where adding the identity to the original user will even make a difference (I want the second identity to be linked to the first user, and never actually have a second user in the system)?

Any help is appreciated, thanks!

We no longer actively recommend automatic account linking through rules because, if not properly tested, it can lead to a scenario where it may be possible for the incorrect identity to be linked and as such cause a security incident. The recommendation would be to involve the end-user as mentioned in the scenarios described at (https://auth0.com/docs/users/user-account-linking#scenarios). Have you already considered those approaches?
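
The matching step from the question combined with the user-involved linking the reply recommends, as an added example that is not part of either post and is not Auth0's code. The connection names, the simplified profile shape (with `identities[].user_id` assumed to hold the upstream `sub`) and the `userProvedBothAccounts` flag are all assumptions made for illustration.

```javascript
// Added example. Connection names and the simplified profile shape are
// assumptions: identities[].user_id is taken to hold the upstream `sub`.
const SHARED = new Set(['custom-social-a', 'custom-social-b']);

// Constructed sample users standing in for a user-store lookup.
const SAMPLE_USERS = [
  { user_id: 'u1', identities: [{ connection: 'custom-social-a', user_id: '1001' }] },
  { user_id: 'u2', identities: [{ connection: 'github', user_id: '1001' }] },
];

// Find the single existing user holding the same subject on the *other*
// shared connection. A match on any unrelated connection is ignored.
function findLinkCandidate(loginUser, existingUsers) {
  const current = (loginUser.identities || [])[0];
  if (!current || !SHARED.has(current.connection)) return null;
  const matches = existingUsers.filter((u) =>
    u.user_id !== loginUser.user_id &&
    (u.identities || []).some((id) =>
      SHARED.has(id.connection) &&
      id.connection !== current.connection &&
      String(id.user_id) === String(current.user_id)));
  // Zero or several matches are never resolved automatically.
  return matches.length === 1 ? matches[0] : null;
}

// A candidate alone only produces a prompt; 'link' is returned once the
// user has also authenticated to the existing account (hypothetical flag).
function linkDecision(loginUser, existingUsers, userProvedBothAccounts) {
  const candidate = findLinkCandidate(loginUser, existingUsers);
  if (!candidate) return { action: 'continue' };
  if (!userProvedBothAccounts) {
    return { action: 'prompt_user', candidate: candidate.user_id };
  }
  return { action: 'link', primary: candidate.user_id, secondary: loginUser.user_id };
}
```

The `github` entry in the sample data carries the same subject value as `u1` but is never a candidate, because only the two connections backed by the same user database share a subject namespace.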