We’ve faced a particular issue with account linking on Auth0.
User was registered twice:
Via Auth0 form with email a@test.com (example)
Via Google sign in (linked as idp to Auth0) A@test.com
We have this rule configured on Auth0 - Auth0. And in case users from Auth0 and Google forms have exactly same email (e.g. a@test.com) it works perfectly fine. However it doesn’t work with two emails having different cases, looks like Auth0 treats them as 2 separate users.
As I’ve seen Auth0 automatically converts uppercase name in email to lowercase when using Auth0 form to signup. However it’s not the case when user is registered with Google as identity provider. Email of a user is still displayed as A@test.com and that’s probably the reason why merging is not working.
Therefore this looks to me like a bug as a behavior is very unexpected and this created an issue in our system.
I am trying to solve this issue too, I found the ‘link-users-by-email’ rule searches for users using this API Retrieve Users with Get Users by Email Endpoint. Here it specifies the search is case sensitive.
Haven’t looked for a way to query non-case-sensitive yet (maybe the more https://auth0.com/docs/users/search/v3/get-users-endpoint allows it? Need to check that myself…), but in case it’s not available in other ways, one way would be to either always lowercase all email addresses at user signup (i.e. using a hook, though that would only work for database connections) or at login time using a rule.
If you want to keep the case of the original email used by the user in place, you can (via rule) store a all-lowercase version of his/her email address in the user’s metadata, which can be queried as well.
UPDATE: I can confirm, the endpoint https://YOUR_TENANT.auth0.com/api/v2/users?q=A@test.com works case-insensitive, so that’ll do.
I’ve just added Microsoft Azure AD authentication as I have a client that is transitioning from Google to MS and this issue has just been raised by a user.
