we have recently stumbled upon a problem when linking user accounts - for example one created with email/password, and the other via Google Authentication Provider.
In order to link the accounts, we use the Management API, wrapped within an SDK, on the backend side. Ideally, we would like to have the whole account merging logic hidden from our users, and just return ready-to-use id token that would be valid for any subsequent requests from users to our API, so that they don’t need to re-authenticate using merged account.
Looking at the documentation and API, we found out that account linking invocations return list of Identity objects, each of which contains, among others, an access_token field. However, according to our findings, this is not an id token, but merely an identity provider token that can be used to obtain the id token from identity providers, such as Google, Facebook, etc. Unfortunately, when looking at Auth0 documentation, we were not able to find a way to obtain the final id token - what we found were just references to providers’ documentation.
Is there any Auth0 abstraction built on top of identity providers that would allow us to pass an access token, and obtain an id token useful for our APIs?
Thank you in advance,