Two accounts are not linked automatically (case sensitive issue)


We’ve faced a particular issue with account linking on Auth0.
A user was registered twice:

  1. Via Auth0 form with email (example)
  2. Via Google sign in (linked as idp to Auth0)

We have this rule configured on Auth0 - Auth0. In case users from the Auth0 and Google forms have exactly the same email (e.g. it works perfectly fine. However, it doesn’t work with two emails having different cases; it looks like Auth0 treats them as 2 separate users.

As I’ve seen, Auth0 automatically converts an uppercase name in an email to lowercase when using the Auth0 form to sign up. However, it’s not the case when a user is registered with Google as identity provider. The email of the user is still displayed as and that’s probably the reason why merging is not working.

Therefore this looks to me like a bug, as the behavior is very unexpected and this created an issue in our system.

Hi @yy-vgs

I am trying to solve this issue too. I found the ‘link-users-by-email’ rule searches for users using this API: Retrieve Users with Get Users by Email Endpoint. Here it specifies the search is case sensitive.

Did you end up working out a solution?

I also would like to know if anything came from this. It seems like it must be a pretty common occurrence.

Haven’t looked for a way to query non-case-sensitive yet (maybe the more allows it? Need to check that myself…), but in case it’s not available in other ways, one way would be to either always lowercase all email addresses at user signup (i.e. using a hook, though that would only work for database connections) or at login time using a rule.

If you want to keep the case of the original email used by the user in place, you can (via rule) store an all-lowercase version of his/her email address in the user’s metadata, which can be queried as well.

UPDATE: I can confirm, the endpoint works case-insensitive, so that’ll do.
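Added example, not part of the original posts and not Auth0's own rule code: the lowercase-normalisation approach suggested above, written as plain JavaScript that stores a lowercase copy of the email in metadata and matches accounts case-insensitively. The `email_lower` key, the helper names and the sample users are assumptions; requiring `email_verified` on both sides is a precaution added here.

```javascript
// Added example: profile objects mimic Auth0 user profiles (user_id, email,
// email_verified, app_metadata). All sample users below are constructed.

// Canonical form used only for matching; the original email is left untouched.
function normalizeEmail(email) {
  return typeof email === 'string' ? email.trim().toLowerCase() : null;
}

// What a login-time rule would persist so the lowercase form can be queried.
// `email_lower` is a hypothetical metadata key.
function withLowercaseEmail(user) {
  const app_metadata = { ...(user.app_metadata || {}), email_lower: normalizeEmail(user.email) };
  return { ...user, app_metadata };
}

// Return the accounts that qualify for linking with `current`.
function findLinkCandidates(current, users) {
  const key = normalizeEmail(current.email);
  // Precaution added here: never link on an address that is not verified.
  if (!key || current.email_verified !== true) return [];
  return users.filter((u) =>
    u.user_id !== current.user_id &&
    u.email_verified === true &&
    normalizeEmail(u.email) === key
  );
}

// Constructed sample directory: same mailbox in three casings, plus one other user.
const sampleUsers = [
  { user_id: 'auth0|1', email: 'jane.doe@example.com', email_verified: true },
  { user_id: 'google-oauth2|2', email: 'Jane.Doe@Example.com', email_verified: true },
  { user_id: 'auth0|3', email: 'JANE.DOE@example.com', email_verified: false },
  { user_id: 'auth0|4', email: 'other@example.com', email_verified: true },
];

function demo() {
  const google = withLowercaseEmail(sampleUsers[1]);
  // Exact string comparison misses the database account entirely.
  const exact = sampleUsers.filter((u) => u.user_id !== google.user_id && u.email === google.email);
  const folded = findLinkCandidates(google, sampleUsers);
  return {
    stored: google.app_metadata.email_lower,
    exact: exact.map((u) => u.user_id),
    folded: folded.map((u) => u.user_id),
  };
}

console.log(demo());
```
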

Jan 2022 - I can say for sure the API is case sensitive, is this a regression?

Is this still an issue?

I’ve just added Microsoft Azure AD authentication as I have a client that is transitioning from Google to MS and this issue has just been raised by a user.

Looking at using the account link extension and this does appear to still be an issue (using Microsoft Azure AD too).

I would encourage you to file a feedback card using our Feedback category here: