I’ve implemented a post-login action that links secondary user accounts to a primary user. The link works correctly - when a secondary user logs in, they get linked to the primary user, and their details are added to the identities array of the primary user.
The problem: When a secondary user logs in after being linked, I cannot find a way to determine which email address was actually used for this specific login attempt. I can access:
The primary user’s email
The full identities array containing all linked accounts
However, I cannot determine which of these identities/emails was used for the current login session.
What I’ve tried
I’ve examined the event object in the post-login action and searched through the user object properties, but I haven’t found any property that indicates which identity was used for the current authentication.
Question
Is there a way to determine which email address/identity was used in the current login attempt when working with linked accounts in post-login actions?
You could try calling the event.user.email in the post-login action script to determine the current user’s email address.
Once the accounts are linked between the first and second accounts, the secondary identity of the user may no longer exist as a discrete user. In this case, you might call api.authentication.setPrimaryUser(primary_user_id) to set the primary user of the linked accounts and indicate that the subject of the login should be changed to the existing primary identity account.
Once the accounts are linked and the user logs in next time through the secondary email, I need access to the secondary email but currently I found no way to get that. Is it currently possible to do it anyway? I don’t need the secondary user to exist as a discrete user, I just need the email the user used to login.
I have tested this on my end and found the same observations as you. It looks like the event.user.email_address property only returns the primary profile’s email address even when logging in with the secondary profile.
I have also checked the access token and see that it was issued for the primary profile’s user_id.
Unfortunately, there is no way to determine in a post login action which email address was used for the login attempt when the accounts are linked.
In this case, it might be worth submitting a Product Feedback request asking for a property to get the email address of a linked account logging in.