Auth0 Home Blog Docs

Users with the same user_id are impossible to update correctly

bug
google

#1

When we get the users by emails, we noticed that we got some users with the same user_id returned.

For example myself:
when I http GET https://easymile-sitecc.eu.auth0.com/api/v2/users-by-email?email=my_email@ddress.com

I get a lot of responses with the same user_id

[
  {
    "email": "my_email@ddress.com",
    "identities": [
      {
        "connection": "my-connection-1",
        "provider": "google-oauth2",
        "user_id": "my-google-oauth2-id"
      }
    ],
    "user_id": "google-oauth2|my-google-oauth2-id"
  },
  {
    "email": "my_email@ddress.com",
    "identities": [
      {
        "connection": "my-completely-other-connection",
        "provider": "google-oauth2",
        "user_id": "my-google-oauth2-id"
      }
    ],
    "user_id": "google-oauth2|my-google-oauth2-id"
  }
]

In this little example, if I want to update the first, I can’t because when I perform an http GET on ‘https://easymile-sitecc.eu.auth0.com/api/v2/users/google-oauth2|my-google-oauth2-id’ I only get one result, and it’s not the same one when I do a PATCH (For updating app_metadata in my case)

What I want to do is be able to update a user for a particular connection, and that does not seem to be possible.

Am I missing something obvious here?
I tried to use the application (client_id/secret) associated to the connection I wanted to update but the same issue is here.

Regards,
Michaël Bitard


#2

:wave: @michael.bitard If it’s the case where your databases return the same IDs for different connections, what we can do is prepend a connection identifier to the user_id in the custom DB script so that the Auth0 user_ids will stay unique. For example, if you prepend ‘staging’ or ‘prod’ to the user_id in the respective connections, the Auth0 user IDs will be for example auth0|staging|1234 and auth0|prod|1234 respectively.

In a social provider context, the two users in Auth0 could point to the same user in the IdP so both would have the same user ID, but are from two different connections. The two connections will be the reason they appear as two users, despite the same IDs, as the connections are different. Therefore, when we are searching and updating via the API we would need to filter by the connection name to get the exact user. I would recommend against creating multiple connections for a single identity provider though.


#3

Hello @kim.noel

The problem is with social providers (So I can’t use custom DB script right?).
The main issue is that I can’t update the correct user, because when I search for it, I get a user_id, but when I PATCH this user it’s another one with the same user_id who is patched (Technically It’s the same user, but belonging to a different connection).
From what I see the problem is with the users api, auth0 is based on unique user_id which are not unique, so we should have a way to identify a user in order to PATCH it.