Hello ! There is any way to support account linking by ourselves waiting the official implementation...

Untel

11/14/2022, 3:16 PM

Hello ! There is any way to support account linking by ourselves waiting the official implementation ?

rp_st

11/14/2022, 3:17 PM

Hey @Untel there is, you can customise your way through it. But it’s quite complex.

rp_st

11/14/2022, 3:17 PM

I would recommend that you instead disallow sign up if the email already exists using a different method.

rp_st

11/14/2022, 3:17 PM

That’s much easier to do

Untel

11/14/2022, 3:19 PM

hmm i don't really mean "Automatic account linking on signup based on email", but more: having multiple ThirdParty providers linked to the same user (so multiple signin && a page for linking accounts)

rp_st

11/14/2022, 3:20 PM

Ah I see. That’s quite complex too unfortunately. Several edge cases to get right.

rp_st

11/14/2022, 3:20 PM

That being said, I can probably make a small write up on it tomorrow

Untel

11/14/2022, 3:34 PM

Argh, i'm sad. I really deeped SuperTokens all the week end. Fall in love of it while i need something agnostic that support next & react native in the same way (NextAuth.js don't) Until now seeing account linking is not supported 😦 I look forward to your note, please ping me 🙂

rp_st

11/14/2022, 3:50 PM

Fair enough! We are working on it though. And an official impl of it should be out before the end of the year

rp_st

11/14/2022, 3:51 PM

That being said, I’ll do a write up on it sometime tomorrow here

rp_st

11/15/2022, 5:19 AM

hey @Untel so here is the writeup: - Start by overriding the backend signinup POST API to first check if a session exists using the

getSession

function with optional session verification. If a session exists, then you know that the user is logged in and that they are probably trying to link a social provider to their account. In this case, add the session object to the userContext object before calling the original implementation. - Override the createNewSession function on the session recipe to check if the session object exists in the userContext obj and if it does, then just return that session else call the original implementation. The above will make sure that during social login account linking, you do not end up creating a new session and reuse the existing one. The next step is to associate the new userId (of the social login sign up) with the actual user ID of the user. This can be done in many ways: - Use the user metadata recipe to store this mapping. - Store this mapping in your own database. Either way, you can do this mapping in the signInUpPOST API override after you have called the original implementation and its response from the function call has {status: "OK"}. You will also have access to the access token of the social provider here which you can use / store in this case. ----------- The above is a basic implementation, and has several edge cases that are not accounted for, but for simple cases, it works.

5 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).