We’d like to assign roles and permissions to users connecting via social login (Google) based on their email address.
The reason is that we’re switching users from our existing internal auth system (based on Google OAuth) to Auth0, and we’d like to preserve their roles at their first login.
Our current idea is to create “placeholder” passwordless users with the correct roles and to link them to the OAuth Google accounts on the first sign-in. Is this doable (and advisable) with a custom rule?
After a bit of research, I believe your strategy of creating passwordless users, assigning roles and then linking accounts will work for this. However, instead of writing a custom rule to link accounts, it’s recommended to use the Account Link Extension, which is more secure than linking accounts automatically.
Here is some additional documentation around account linking: User Account Linking
As a follow-up question, is it possible to create passwordless users from the Auth0 UI?
I’ve been successful at creating them using the API, but if I try from the UI I only see the possibility to create database (i.e. with password) users.
Unfortunately, you can only create database users in the dashboard UI, not passwordless users. You will need to use the Management API to create them.
If this is a feature you’d like to see Auth0 support, I’d encourage you to create a topic in our new Feedback category. Members of the community can vote on the features they’d most like to see implemented. The category is reviewed by the product team.
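
An added example, not part of the thread above and not Auth0's own code: it builds the Management API requests for the flow discussed (create a passwordless user, assign roles, link the Google identity) and shows the check any email-based link needs, namely that the identity provider reports the address as verified and that exactly one placeholder matches. Assumptions: the helper names and sample data are constructed, and the placeholder is kept as the primary account so that the roles assigned to it stay on the linked profile.

```python
from urllib.parse import quote

# Constructed sample data: placeholders created before the migration.
PLACEHOLDERS = [
    {"user_id": "email|placeholder-0001", "email": "alice@example.com"},
    {"user_id": "email|placeholder-0002", "email": "bob@example.com"},
]

def create_placeholder_requests(email, role_ids):
    """Requests that create a passwordless (email) user and assign roles."""
    create = {"method": "POST", "path": "/api/v2/users",
              "body": {"connection": "email", "email": email,
                       "email_verified": True}}
    # The user_id is only known from the create response, hence the template.
    assign = {"method": "POST", "path": "/api/v2/users/{user_id}/roles",
              "body": {"roles": list(role_ids)}}
    return [create, assign]

def link_decision(login, placeholders):
    """Decide whether a first Google login may be linked to a placeholder.

    Returns (request_or_None, reason). Matching on email alone is only safe
    when the provider asserts that the address is verified.
    """
    if login.get("provider") != "google-oauth2":
        return None, "not a Google identity"
    if login.get("email_verified") is not True:
        return None, "email not verified by the identity provider"
    email = (login.get("email") or "").strip().lower()
    matches = [p for p in placeholders if p["email"].lower() == email]
    if len(matches) != 1:
        return None, "no unique placeholder for this address"
    primary = matches[0]["user_id"]  # assumption: placeholder stays primary
    request = {"method": "POST",
               "path": "/api/v2/users/%s/identities" % quote(primary, safe=""),
               "body": {"provider": login["provider"],
                        "user_id": login["user_id"]}}
    return request, "link"

if __name__ == "__main__":
    # Constructed login profiles: one verified, one not.
    good = {"provider": "google-oauth2", "user_id": "1000000001",
            "email": "Alice@example.com", "email_verified": True}
    bad = dict(good, email_verified=False)
    for profile in (good, bad):
        print(link_decision(profile, PLACEHOLDERS))
```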