Multiple User Accounts with Same Email Address

Problem statement

A business application has been designed to support two sub-applications:

  • ‘Bookings’ places a booking and simultaneously creates an Auth0 account
  • ‘my-login’ allows users to manage their accounts

The intention is that users have two different methods of signing in:

  • Users have their accounts auto-generated by a custom API when placing a booking, with the connection type “username-password-authentication”
  • When a user places their booking and the Auth0 account is made, metadata is attached to the user (or updated, if they already have an account).

‘Bookings’ was the first sub-application to be deployed: it worked successfully without issues. However, since ‘my-login’ was launched, it has been noticed that a very high number of duplicate accounts have been created, though with different connection IDs.

It has been determined that ‘my-login’ employs “Login with Passcode”, where users receive an email with a temporary authorization code, which can be used to log in. Rather than working as an alternative login method for the existing account, it creates a second account with the Passwordless connection type ‘email’.

This is not the desired behavior as it prevents some users from logging in, as the application rejects accounts without the correct metadata and logs them out immediately.

There is an option to prevent passcode login from allowing new accounts to be made. However, with that option selected, some users are unable to log in using the assigned passcode.

Explain whether it is possible to give users two options to sign in without multiple accounts being created.

Symptoms

Each unique user may have two accounts in Auth0, each associated with a different type of connection. Typically, this might be username-password-authentication and Passwordless email/SMS. Each account shares the same user email address.

Cause

This is not a supported configuration. Each type of user account is associated with a connection and each sign-in method will be associated with its own connection(s).

For example, the user’s main account would be associated with the connection “Username-Password-Authentication”. If they then log in via Passwordless email, that user will have an additional account with the same email address. However, the user_id will be different and prefixed with “email|” (the word email followed by a pipe character).
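
The audit below is an added example, not part of the original article or Auth0's own code: it groups a user export by email address to find users who hold accounts on more than one connection, and lists the accounts that lack the metadata the application checks. The sample records are constructed, and the metadata key booking_ref and its location in app_metadata are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample records (not real users), one JSON object per line,
# using the Auth0 profile fields user_id, email and app_metadata.
SAMPLE_EXPORT = """\
{"user_id": "auth0|64f0a1", "email": "Ana@example.com", "app_metadata": {"booking_ref": "B-1001"}}
{"user_id": "email|64f0b2", "email": "ana@example.com", "app_metadata": {}}
{"user_id": "auth0|64f0c3", "email": "ben@example.com", "app_metadata": {"booking_ref": "B-1002"}}
{"user_id": "email|64f0d4", "email": "cy@example.com"}
"""

REQUIRED_KEY = "booking_ref"  # hypothetical metadata key the application checks


def audit_accounts(export_text, required_key=REQUIRED_KEY):
    """Group accounts by email and report duplicates and incomplete accounts.

    Returns (duplicates, missing_metadata):
      duplicates: {email: sorted user_id prefixes} for emails that have
                  more than one account
      missing_metadata: sorted user_ids whose app_metadata lacks required_key
    """
    by_email = defaultdict(list)
    missing = []
    for line_no, line in enumerate(export_text.splitlines(), 1):
        if not line.strip():
            continue
        user = json.loads(line)
        user_id, email = user.get("user_id", ""), user.get("email")
        if "|" not in user_id or not email:
            raise ValueError(f"line {line_no}: missing user_id prefix or email")
        # The part before the pipe identifies how the account was created.
        prefix = user_id.split("|", 1)[0]
        # Compare addresses case-insensitively so Ana@ and ana@ match.
        by_email[email.strip().lower()].append(prefix)
        if required_key not in (user.get("app_metadata") or {}):
            missing.append(user_id)
    duplicates = {e: sorted(p) for e, p in by_email.items() if len(p) > 1}
    return duplicates, sorted(missing)


if __name__ == "__main__":
    dups, missing = audit_accounts(SAMPLE_EXPORT)
    for email, prefixes in dups.items():
        print(f"{email}: {len(prefixes)} accounts via {', '.join(prefixes)}")
    for user_id in missing:
        print(f"no {REQUIRED_KEY} in app_metadata: {user_id}")
```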

Solution

There is no solution at present.

It is recommended that a feature request is submitted to our Product team via the Customer Feedback page. Every request that is received will be reviewed and prioritized by a member of the team.