I’m in the process of writing a post login action that links user accounts based on their ids from social providers (loosely based on this). I’m working with another system that has an existing table of verified links between social accounts. As part of this, I’m making a call to the ManagementClient to link two user accounts, but have run into an error message that doesn’t seem to be covered by any of the documentation. I’ve been able to replicate the same situation outside of the action by calling the link API.
A sanitized example CURL request (generated from the docs) looks like so, when attempting to link an auth0 style user account to an existing Google account:
curl -L 'https://XXX.us.auth0.com/api/v2/users/google-oauth2%7CYYYYYYYY/identities' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer 🔒' \
-d '{"provider":"auth0","user_id":"41"}'
When I make that call, I get the following response:
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "the provided secondary account does not exist"
}
That particular message - “the provided secondary account does not exist” - doesn’t appear in any docs or search results that I’ve been able to find. I’ve verified that I do indeed have a user with an id of auth0|41 in my tenant.
Now for the weird part: if I remove the quotation marks around the id in the request, like so:
-d '{"provider":"auth0","user_id":41}'
… the request works, and the accounts are successfully linked. It also works if I give it a provider of google-oauth2 and a valid user id that is a string. It only seems to be the auth0 provider that requires the id to be a number.
This strikes me as particularly odd, as I would have thought that all user ids would be treated as strings (especially when coming from other providers that may have GUID/UUID style ids that include dashes or hexadecimal values).
Any idea on what I might be doing wrong here?