Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Merge identites by email overrides the original user_id

See original GitHub issue

I am using the rule to merge identites by email. However, when merge occurs, the user changes its user_id to the last recently identity added.

Such behavior causes a lot of identity issues - for example, when you try to get the user in a database using the user_id as search key.

Instead of overriding the original user_id, this rule should just add the new identity to the original one, and keep it’s user_id

Issue Analytics

State:
Created 7 years ago
Reactions:17
Comments:36 (16 by maintainers)

Top GitHub Comments

8reactions

AmaanCcommented, Sep 7, 2017

We’re still working on docs for this issue, but the feature is ready and has been rolled out. To use it, set context.primaryUser = primaryUserId (where primaryUserId === 'auth0|foo123' for example).

Sample Rule:

function(user, context, callback) {
  var request = require('request@2.56.0');
  // Check if email is verified, we shouldn't automatically
  // merge accounts if this is not the case.
  if (!user.email_verified) {
    return callback(null, user, context);
  }
  var userApiUrl = auth0.baseUrl + '/users';

  request({
      url: userApiUrl,
      headers: {
        Authorization: 'Bearer ' + auth0.accessToken
      },
      qs: {
        search_engine: 'v2',
        q: 'email.raw:"' + user.email + '" AND email_verified: "true" -user_id:"' + user.user_id + '"',
      }
    },
    function(err, response, body) {
      if (err) return callback(err);
      if (response.statusCode !== 200) return callback(new Error(body));

      var data = JSON.parse(body);
      if (data.length > 1) {
        return callback(new Error('[!] Rule: Multiple user profiles already exist - cannot select base profile to link with'));
      }
      if (data.length === 0) {
        console.log('[-] Skipping link rule');
        return callback(null, user, context);
      }

      var originalUser = data[0];
      var aryTmp = user.user_id.split('|');
      var provider = aryTmp[0];
      var newUserId = aryTmp[1];
      request.post({
        url: userApiUrl + '/' + originalUser.user_id + '/identities',
        headers: {
          Authorization: 'Bearer ' + auth0.accessToken
        },
        json: {
          provider: provider,
          user_id: newUserId
        }
      }, function(err, response, body) {
        if (response.statusCode >= 400) {
          return callback(new Error('Error linking account: ' + response.statusMessage));
        }
        context.primaryUser = originalUser.user_id;
        callback(null, user, context);
      });
    });
}

Note: If you see the Unable to construct sso user. error, odds are that it’s caused due to setting context.primaryUser to a non-existent user_id.

Could you guys thumbs-up to let me know if this fixes the original issue you had?

I’ll close it once docs are in place and the Rule templates have been updated.

8reactions

mattdodgecommented, Feb 21, 2017

I’m in for a +1 on this also and would propose re-opening it since it doesn’t seem inactive anymore.

One of the reasons I (and I assume others) pay for Auth0 is so that you guys manage the user database for me and I don’t have to. I can rely on the user ID that comes back in tokens and API requests to know which user it is. The problem with this account linking setup is that once a new login method is introduced and a user uses it, the old user ID essentially disappears. The only way to know about it is for me to keep a database or list of users and user IDs on my end which I don’t want to do.

However, I do appreciate the technical complexity that is involved. The user starts the login with one user ID and after the rule hits gets a different one. Certainly bizarre. I just think this is a valid feature/enhancement request and unless it’s a wontfix it would be nice to track progress somewhere.