> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.
> Understand how user accounts can be linked in Auth0 from various identity providers.
# User Account Linking
export const AuthCodeGroup = ({children, dropdown}) => {
const [processedChildren, setProcessedChildren] = useState(children);
useEffect(() => {
let unsubscribe = null;
function init() {
unsubscribe = window.autorun(() => {
const processChildren = node => {
if (typeof node === "string") {
let processedNode = node;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
}
return processedNode;
} else if (Array.isArray(node)) {
return node.map(processChildren);
} else if (node && node.props && node.props.children) {
return {
...node,
props: {
...node.props,
children: processChildren(node.props.children)
}
};
}
return node;
};
setProcessedChildren(processChildren(children));
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
return {processedChildren};
};
Connected Accounts enables a single Auth0 user profile to be linked to multiple external accounts. When you enable Connected Accounts for a supported external provider, Auth0 automatically adds the account for that provider to the user profile after the user successfully logs in. To learn more, read [Connected Accounts for Token Vault](/docs/secure/tokens/token-vault/connected-accounts-for-token-vault).
Auth0 supports the linking of user accounts from various identity providers. This allows a user to authenticate from any of their accounts and still be recognized by your app and associated with the same user profile.
Both your specific login implementation and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read [Pricing](https://auth0.com/pricing).
Auth0 treats all identities as separate by default. For example, if a user logs in first against the Auth0 database and then via Google or Facebook, these two attempts would appear to Auth0 as two separate users. You can implement functionality to enable a user to explicitly link accounts. In this scenario, the user would log in with an initial provider, perhaps Google. Your application would provide a link or button to enable them to link another account to the first one. The user would click on this link/button and your application would make a call so that when the user logs in with the second provider, the second account is linked with the first.
## Advantages of linking accounts
* Allows users to log in with any identity provider without creating a separate profile for each
* Allows registered users to use a new social or passwordless login but continue using their existing profile
* Allows users that registered using a passwordless login to link to an account with a more complete profile
* Allows your apps to retrieve user profile data stored in various connections
## Precautions
Insecurely linking accounts can allow malicious actors to access legitimate user accounts. Please remain aware of the following:
For both manual and automatic account links, your tenant should request authentication for **both** accounts before linking occurs.
In addition, **every** manual account link should prompt the user to enter credentials.
## How it works
The process of linking accounts merges two existing user profiles into a single one. When linking accounts, a **primary account** and a **secondary account** must be specified.
In the example below you can see how the resulting linked profile will be for the sample primary and secondary accounts.
```json Profile of primary account lines expandable theme={null}
{
"email": "your0@email.com",
"email_verified": true,
"name": "John Doe",
"given_name": "John",
"family_name": "Doe",
"picture": "https://lh3.googleusercontent..../photo.jpg",
"gender": "male",
"locale": "en",
"user_id": "google-oauth2|115015401343387192604",
"identities": [
{
"provider": "google-oauth2",
"user_id": "115015401343387192604",
"connection": "google-oauth2",
"isSocial": true
}
],
"user_metadata": {
"color": "red"
},
"app_metadata": {
"roles": [
"Admin"
]
},
...
}
```
```json Profile of secondary account lines theme={null}
{
"phone_number": "+14258831929",
"phone_verified": true,
"name": "+14258831929",
"updated_at": "2015-10-08T18:35:18.102Z",
"user_id": "sms|560ebaeef609ee1adaa7c551",
"identities": [
{
"user_id": "560ebaeef609ee1adaa7c551",
"provider": "sms",
"connection": "sms",
"isSocial": false
}
],
"user_metadata": {
"color": "blue"
},
"app_metadata": {
"roles": [
"AppAdmin"
]
},
...
}
```
```json Linked profile lines expandable theme={null}
{
"email": "your0@email.com",
"email_verified": true,
"name": "John Doe",
"given_name": "John",
"family_name": "Doe",
"picture": "https://lh3.googleusercontent..../photo.jpg",
"gender": "male",
"locale": "en",
"user_id": "google-oauth2|115015401343387192604",
"identities": [
{
"provider": "google-oauth2",
"user_id": "115015401343387192604",
"connection": "google-oauth2",
"isSocial": true
},
{
"profileData": {
"phone_number": "+14258831929",
"phone_verified": true,
"name": "+14258831929"
},
"user_id": "560ebaeef609ee1adaa7c551",
"provider": "sms",
"connection": "sms",
"isSocial": false
}
],
"user_metadata": {
"color": "red"
},
"app_metadata": {
"roles": [
"Admin"
]
},
...
}
```
Note that:
* The `user_id` and all other main profile properties continue to be those of the primary identity
* The first identity in the `user.identities` array is the primary identity
* The secondary account is now embedded in the `user.identities` array of the primary profile
* The attributes of the secondary account are placed inside the `profileData` field of the corresponding identity inside the array
* The `user_metadata` and `app_metadata` of the primary account have not changed
* The `user_metadata` and `app_metadata` of the secondary account are discarded
* There is no automatic merging of user profiles with associated identities
* The secondary account is removed from the users list
* If you delete the primary account, the secondary account is deleted as well
### Metadata merge
Metadata is not automatically merged during account linking. If you want to merge it, you have to do it manually using the Manage API [`/users/patch_users_by_id`](https://auth0.com/docs/api/v2#!/Users/patch_users_by_id) endpoint.
The [Auth0 Node.js SDK for APIv2](https://github.com/auth0/node-auth0/) is also available.
To learn more, read [Understand How Metadata Works in User Profiles](/docs/manage-users/user-accounts/metadata)
## Scenarios
There are two different ways of implementing account linking:
* User-initiated account linking: allow your users to link their accounts using an admin screen in your app.
* Suggested account linking: identify accounts with the same email address and prompt the user in your app to link them.
### User-initiated account linking
Typically, account linking will be initiated by an authenticated user. Your app must provide the UI, such as a **Link accounts** button on the user's profile page.
To learn more about how to implement user-initiated account linking in a Single Page Application, read [Client-Side Account Linking](/docs/manage-users/user-accounts/user-account-linking/user-initiated-account-linking-client-side-implementation). To learn more about how to implement user-initiated account linking in a Regular Web Application, read [Server-Side Account Linking](/docs/manage-users/user-accounts/user-account-linking/suggested-account-linking-server-side-implementation).
### Suggested account linking
You can find accounts with the same email, and prompt the users to link them. For example, a user can create an account with Google with the `user@gmail.com`, and then log in with Facebook, with an account linked to the same email.
If that occurs, you can show users the list of available accounts so they can link them, by first authenticating with the account they will be linking to.
You can also use the [Account Link Extension](/docs/customize/extensions/account-link-extension) to achieve the same outcome.
Previously, in some cases, you could use ID Tokens to link and unlink user accounts. This functionality is being deprecated. You will have to use Access Tokens in all cases.
## Learn more
* [Link User Accounts](/docs/manage-users/user-accounts/user-account-linking/link-user-accounts)
* [Unlink User Accounts](/docs/manage-users/user-accounts/user-account-linking/unlink-user-accounts)
* [User-Initiated Account Linking: Client-Side Implementation](/docs/manage-users/user-accounts/user-account-linking/user-initiated-account-linking-client-side-implementation)
* [User Account Linking: Server-Side Implementation](/docs/manage-users/user-accounts/user-account-linking/suggested-account-linking-server-side-implementation)