
I hope you’re all well.

We’re currently using Auth0 on our platform, and we’ve run into an issue where users who initially sign up using one identity provider (e.g., Google) encounter errors when later attempting to log in using another method (e.g., email/password) with the same email address.

The error message received is:

“There was a problem with your login: There is a user with the same email. [error code: unknown]”

We understand that Auth0 treats these as separate identities and does not automatically link them by default. However, we would like to streamline the user experience by automatically linking accounts that share the same verified email address.

Specifically, we would appreciate help with the following:

  1. Confirming the safest and recommended approach to automatically link user accounts across different identity providers (e.g., Google and Auth0 database) when the emails match.
  2. Clarifying any risks or best practices we should consider to avoid accidental or malicious account merging.
  3. Guidance on implementing this solution via Actions or Rules, including how to correctly authenticate the Management API for account linking.
  4. Whether there are any built-in Auth0 configurations or roadmap features that would support this use case more directly in the future.

Our use case is relatively straightforward: we want users to be able to log in with any previously used method without running into duplicate account errors.

Thank you in advance for your guidance and support. Please let us know if you need any additional information about our tenant or setup.

Hi @gavin1, our team is still working in the background. A member of our Auth0 certified community engineering team will help you from here. cc @dawid.matuszczyk

Hi @gavin1

Welcome to the Auth0 Community!

Thank you for posting your question. The Post‑Login Action that links only when both identities have the same, verified e‑mail and come from trusted IdPs is the recommended approach that we can propose at this time for the account linking. You can find the high-level overview under this link → https://auth0.com/docs/manage-users/user-accounts/user-account-linking, and if you want to check the use case on the client-side implementation, you can find it here → https://auth0.com/docs/manage-users/user-accounts/user-account-linking/user-initiated-account-linking-client-side-implementation. You can find the code snippet for the action in the Action Templates Library → https://auth0.com/docs/customize/actions/actions-templates

In terms of the precautions, for both manual and automatic account links, your tenant should request authentication for both accounts before linking occurs.

In addition, every manual account link should prompt the user to enter credentials.

Additional Sources:

Thanks
Dawid
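
The linking condition described in the reply above (same e-mail, verified on both identities, both from trusted IdPs), written out as an added example that is not part of the thread and is not Auth0's template code. The function `decideLink`, the trusted-provider list and the sample profiles are assumptions made for illustration.

```javascript
// Added example: decision logic only; no Management API call is made.
// Profile fields follow the Auth0 user profile (user_id, email,
// email_verified, created_at, identities[].provider). Values are constructed.

// Assumption: the providers this tenant trusts to verify e-mail ownership.
const TRUSTED_PROVIDERS = new Set(['auth0', 'google-oauth2']);

const providerOf = (u) => u.identities?.[0]?.provider ?? '';
const normalize = (email) => (email || '').trim().toLowerCase();
const refuse = (reason) => ({ link: false, reason });

// Returns { link: true, primary, secondary } or { link: false, reason }.
function decideLink(current, sameEmailUsers, trusted = TRUSTED_PROVIDERS) {
  const email = normalize(current.email);
  if (!email) return refuse('no-email');
  if (current.email_verified !== true) return refuse('current-unverified');
  if (!trusted.has(providerOf(current))) return refuse('current-untrusted-idp');

  const others = sameEmailUsers.filter(
    (u) => u.user_id !== current.user_id && normalize(u.email) === email);
  if (others.length === 0) return refuse('no-candidate');
  // Several matches: do not guess which account the user means.
  if (others.length > 1) return refuse('ambiguous');

  const other = others[0];
  // An unverified account may have been registered by someone who does not
  // control the mailbox, so it must never be merged automatically.
  if (other.email_verified !== true) return refuse('candidate-unverified');
  if (!trusted.has(providerOf(other))) return refuse('candidate-untrusted-idp');

  // Keep the older account as primary so its user_id and metadata survive.
  const otherIsOlder = Date.parse(other.created_at) <= Date.parse(current.created_at);
  return otherIsOlder
    ? { link: true, primary: other.user_id, secondary: current.user_id }
    : { link: true, primary: current.user_id, secondary: other.user_id };
}

// Constructed sample profiles.
const dbUser = { user_id: 'auth0|db-0001', email: 'Pat@example.com', email_verified: true,
  created_at: '2024-01-10T09:00:00.000Z', identities: [{ provider: 'auth0' }] };
const googleUser = { user_id: 'google-oauth2|g-0002', email: 'pat@example.com', email_verified: true,
  created_at: '2024-06-01T12:00:00.000Z', identities: [{ provider: 'google-oauth2' }] };

console.log(decideLink(googleUser, [dbUser, googleUser]));
console.log(decideLink(googleUser, [{ ...dbUser, email_verified: false }]));
```

A Post-Login Action would run a check like this before asking the Management API to link the two users, and log the refusal reason otherwise.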