Challenge
- We’ve found this to be a very common use case
- New Customer creates a user account with a Social identity (let’s say Google), does their thing and leaves happy
- Six months later they return and try to sign in. Forgetting that they used Google, they try a few of their usual email/password combos, none of which will ever work
- User drops their email in the Reset Password form, which warmly advises their password reset email has been sent
- Password reset email will never be sent, as there’s no user with a “Database” Identity provider and matching email, only a “Google” identity
- Frustrated User receives no email, tries a few more times with that and other email addresses, then generates a support ticket or just gives up altogether
- Solve for the user’s intention of logging in. Extra points if we can insert the solution immediately after Challenge Step #3 above
Research Performed / Where we’re at
- This seems like a use case almost everyone encounters eventually if your users are Customers rather than Staff
- We are already doing some custom Linking Accounts work behind the scenes
- We’re also already using Rules for doing this automatically on email match
- We’ve come to the conclusion that the potential solution space here is really broad
- What is the Auth0 team’s idea on best practice?
- What have other orgs using Auth0 done for this use case?