User ID Used in Token with Linked Accounts

Overview

This article explains which user-id is used in the token generated by Auth0 when a user has two linked accounts in the Auth0 User Database under the following circumstances:

  • The primary account has an enterprise connection with Azure AD.
  • The secondary account uses the same email but a different user-id.
  • They are linked using the account-link-extension.

Applies To

  • Account linking
  • user-id

Solution

After both identities are linked into one, the user_id of the primary identity provider will be in the access_token.

NOTE:

  • The user_id and all other main profile properties continue to be those of the primary identity.
  • The first identity in the user.identities array is the primary identity.
  • The secondary account is now embedded in the user.identities array of the primary profile.
  • The attributes of the secondary account are placed inside the profileData field of the corresponding identity inside the array.
  • The user_metadata and app_metadata of the primary account have not changed.
  • The user_metadata and app_metadata of the secondary account are discarded.
  • There is no automatic merging of user profiles with associated identities.
  • The secondary account is removed from the users list.
  • If the primary account is deleted, the secondary account is deleted as well.
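
The notes above can be checked against a linked profile. The following is an added example, not Auth0's own code: the profile is constructed sample data, the helper names are hypothetical, and it assumes an identity's full user_id is written as provider|user_id. It derives the id the token will carry and flags ids that downstream stores may still hold for the former secondary account.

```javascript
// Constructed profile shaped like a user after linking.
// All ids, emails and connection names are made-up sample values.
const linkedProfile = {
  user_id: "waad|constructed-azure-object-id",
  email: "jane@example.com",
  user_metadata: { theme: "dark" }, // primary's metadata, unchanged by linking
  identities: [
    { provider: "waad", user_id: "constructed-azure-object-id",
      connection: "example-azure-ad", isSocial: false },
    { provider: "auth0", user_id: "constructed-db-id",
      connection: "Username-Password-Authentication", isSocial: false,
      profileData: { email: "jane@example.com", email_verified: true } },
  ],
};

// Assumption: full user_id of an identity entry is "<provider>|<user_id>".
const fullId = (identity) => `${identity.provider}|${identity.user_id}`;

// Report the id the token will carry and the identities that are now embedded.
function describeLinkedProfile(profile) {
  const [primary, ...secondaries] = profile.identities || [];
  if (!primary || fullId(primary) !== profile.user_id) {
    throw new Error("first identity does not match profile.user_id");
  }
  return {
    tokenSubject: profile.user_id, // primary identity's user_id
    embedded: secondaries.map((s) => ({
      formerUserId: fullId(s),
      connection: s.connection,
      profileData: s.profileData || {}, // secondary's attributes live here
    })),
  };
}

// Hypothetical helper: classify an id held by a downstream store
// (for example an authorization table keyed on user_id).
function classifyStoredId(storedId, profile) {
  const { tokenSubject, embedded } = describeLinkedProfile(profile);
  if (storedId === tokenSubject) return "primary";
  if (embedded.some((e) => e.formerUserId === storedId)) return "remap-to-primary";
  return "unknown";
}
```

Records classified as remap-to-primary will never match a token issued after linking, so permissions or data keyed on them need to be moved to the primary user_id.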

Related References