Auth0 Home Blog Docs

Linking api (issue)

The behavior of the linking api does not seem correct.
If I link an sms user to an email user then link the same sms to a different email user (without unlinking first) both the first email user and the linked sms user are then linked to the other email user.
This does not seem safe. Why doesn’t the api prevent linking an already linked sms user? Also why does the api link both the email user and sms user?

Hi @ink,

It could be possible that the user has multiple email accounts they would like to link together. For instance, if I were to log in with sms, then my personal email, then my work email, and wanted to like all 3 accounts to one profile, I would need to have the three accounts linked.

I don’t know what would make that not safe, as long as the accounts are all verified. I may be misunderstanding the issue here, if so please elaborate.

Let me know.

Thanks,
Dan