Allow Auth0 Users to have multiple signins / auth0ids after they merge their auth0 accounts about prisma1 HOT 6 CLOSED

So I got a version/workaround working that basically goes like this:

-when a user starts the login/signup process using username/pw provider, check to see if they have a graph.cool account
-if they do and its a username/pw account, proceed as usual
-if they do but its a facebook account, tell them they should just login with facebook and don't let them use username/pw

-when a user starts the login/signup process using fb, let them signup/login through facebook then check to see if they have a graph.cool account
-if they do and its a fb account, no problem, proceed as usual
-if they do but its a username/pw account, prompt them to connect their facebook profile to it by signing in with their username/pw account and then using auth0's api to link the two accounts on auth0's end -- once you do that you can login to graph.cool with either fb or username/pw without any duplication problems.

Will try to give a live example / code once I iron a few things out. Also Auth0 keeps messing with their api docs -- like, while I'm working on this... so who knows what will be the best way to do this tomorrow... 🙄

from prisma1.

I'm working on a solution for this and right now I'm thinking that the best way to handle it is to make sure that a second graph.cool user never gets created. I'm going to try and set up my authentication process so that it automatically creates the new auth0 account and merges it with the existing so that graph.cool never needs to worry about multiple auth0ids. I'll let you know how it goes.

from prisma1.

@carlpeaslee when you link the accounts, there is a primary and secondary user. In my experience, as long as you maintain the primary user in the linking process, the Graph.cool account persists between the various connections. Auth0 provides a Rule for this, which I am using, but you need to reverse the user Ids in the API call when linking the accounts in order to maintain the primary user.

However, depending on your login/signup flow, this can cause problems. The accesstoken/idtoken returned from Auth0 on the first login attempt when the accounts are not yet linked (the rule has not run yet) are not valid. I am assuming this is because that user doesn't get created and instead gets merged, so we actually want the accessToken and IdToken from the primary user that this login will be merged with.

I am still working on a way to solve that issue for my own use, but it only happens on the first login, but all subsequent logins (once the accounts are merged) the idToken/accessToken are correct and everything persists in Graph.cool.

from prisma1.

Hello guys, I'm facing the same issues here. How about creating a Hook to actually create the Graphcool user directly from Auth0?

from prisma1.

I'm facing the same issues. +1 for @picosam requesting a Hook.

@cartogram I am not sure how you are reversing it. Where in the rule do you modify it? Do you just call data = data.reverse() before the loop?

from prisma1.

This issue has been moved to graphcool/graphcool-framework.

from prisma1.