What if a user is already registered with email/password but decides to sign up with a social login?

Hello, first of all thanks a lot for all your help.

I currently have a userbase which is all registered using email and password, and now I'm migrating my login system to Auth0.

How do I make sure that if a user decides to log in or sign up with Facebook, Gmail or another social network that provides an email, it will actually just log the user in with the current user he already owns with that email?

Is that something that happens automatically with Auth0?

Hi @kokonuts

This is not supported without a little configuration. If a user signs in with an email and password, and then signs in later with a social account using the same email, they are two different accounts.

If you want the two accounts to represent the same user, you will need the account linking extension:
https://auth0.com/docs/users/user-account-linking

You cannot do this automatically - you MUST have the user prove they have access to both accounts before linking, otherwise there is an account hijacking attack. The extension takes care of this for you.

John
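
The rule in the answer above (link only after the user has proven access to both accounts), sketched as an added example that is not part of the original thread and is not the account linking extension's code. It assumes both ID tokens were already signature-validated; `decideLink`, `linkIntent` and the sample users are hypothetical names.

```javascript
// Added example. Inputs are claims from ID tokens whose signatures were
// already validated (assumption). sub, email, email_verified, auth_time and
// nonce are standard OIDC claims; every other name here is hypothetical.
const MAX_AUTH_AGE_SECONDS = 300; // both logins must be this recent

function normalizeEmail(email) {
  return typeof email === "string" ? email.trim().toLowerCase() : "";
}

function decideLink(primary, secondary, intent, nowSeconds) {
  const deny = (reason) => ({ link: false, reason });
  // A matching email is not enough: the user must be logged in to BOTH accounts.
  if (!primary || !secondary) return deny("both accounts must be authenticated");
  if (primary.sub === secondary.sub) return deny("same identity");
  // The second login must answer a link request started from the first
  // session, so a login from someone else cannot be spliced into the flow.
  if (!intent || intent.primarySub !== primary.sub || !intent.nonce ||
      intent.nonce !== secondary.nonce) {
    return deny("link request not bound to primary session");
  }
  for (const claims of [primary, secondary]) {
    if (claims.email_verified !== true) return deny("unverified email");
    // Written as !(age <= max) so a missing auth_time (NaN) is rejected too.
    if (!(nowSeconds - claims.auth_time <= MAX_AUTH_AGE_SECONDS)) {
      return deny("stale authentication");
    }
  }
  const email = normalizeEmail(primary.email);
  if (!email || email !== normalizeEmail(secondary.email)) return deny("email mismatch");
  return { link: true, reason: "ownership of both accounts proven" };
}

// Constructed sample data (not from the thread).
const NOW = 1700000000;
const dbUser = { sub: "auth0|constructed-1", email: "user@example.com",
                 email_verified: true, auth_time: NOW - 60 };
const socialUser = { sub: "google-oauth2|constructed-2", email: "User@Example.com",
                     email_verified: true, auth_time: NOW - 10, nonce: "n-constructed" };
const linkIntent = { primarySub: dbUser.sub, nonce: "n-constructed" };

console.log(decideLink(dbUser, socialUser, linkIntent, NOW));       // link: true
console.log(decideLink(null, socialUser, linkIntent, NOW));         // link: false
console.log(decideLink(dbUser, { ...socialUser, email_verified: false }, linkIntent, NOW));
```

The second call is the case the answer warns about: a social login that merely carries the same email, with no live session on the existing account, is refused.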
