Android: Linking Accounts
This tutorial will show you how to link two different accounts for the same user.
Before You Start
Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:
- You have integrated Auth0 as a dependency in your project.
- You are familiar with the WebAuthProvider class. To learn more, see the Login and the Session Handling tutorials.
- You are familiar with the concepts of idToken. You can find info about them in the Session Handling and the User Profile tutorials.
We recommend that you read the Linking Accounts documentation to understand the process of linking accounts.
API scopes on Authentication
As seen previously in the User Profile tutorial, you need to request the Management API audience and the corresponding scopes to be able to read the full user profile and edit their identities, since they are not part of the OIDC specification. Each identity in the user profile represents details from the authentication provider used to log in, for example the user's Facebook account details.
Find the snippet in which you initialize the WebAuthProvider class. To that snippet, add the line withScope("openid profile email offline_access read:current_user update:current_user_identities") and
Enter Account Credentials
Your users may want to link their other accounts to the account they are logged in to.
To achieve this, you need to store the user ID for the logged-in user in the Intent, along with the ID Token and Access Token provided by the LoginActivity at launch, which are already available in the intent extras.
Obtain the stored values in onCreate and check whether a new account link was requested. Also check whether a previous savedInstanceState exists and contains the "logging in" state. This flag is set when the web authentication is launched and must be handled correctly to avoid state loss.
In the login response, based on the boolean flag set in the first step, decide if you need to show the MainActivity screen, or continue to link the accounts.
Now, you can link the accounts. To do this, you need the logged-in user's ID and Access Token, and the ID Token for the secondary account received in the last login response.
The updated list of identities is returned in the link method response. Alternatively, to obtain the user's full profile, use the user's ID to call the getProfile method in the UsersAPIClient class. The profile includes the linked accounts as the
To unlink the accounts, you need to specify the following:
- user ID for the main account
- user ID for the linked account
- the provider name for the linked account
To instantiate the UsersAPIClient client, use the Access Token for the main account, as before.
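The link and unlink calls described above, as an added example rather than the tutorial's own code. It assumes Auth0.Android 2.x (its Callback interface); the AccountLinker class, its parameters and the scope pre-check are illustrative assumptions, with grantedScope taken from the scope string returned with the main login.

```java
// Added example (not the tutorial's own code). Assumes Auth0.Android 2.x.
import android.util.Log;
import com.auth0.android.Auth0;
import com.auth0.android.callback.Callback;
import com.auth0.android.management.ManagementException;
import com.auth0.android.management.UsersAPIClient;
import com.auth0.android.result.UserIdentity;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper for linking and unlinking identities of the logged-in (main) user. */
final class AccountLinker {
    private static final String TAG = "AccountLinker";
    private static final String LINK_SCOPE = "update:current_user_identities";
    private final UsersAPIClient users;
    private final String mainUserId;

    /** grantedScope: space-separated scopes from the main login, e.g. Credentials.getScope(). */
    AccountLinker(Auth0 auth0, String mainUserId, String accessToken, String grantedScope) {
        List<String> granted = Arrays.asList((grantedScope == null ? "" : grantedScope).split(" "));
        if (!granted.contains(LINK_SCOPE)) {
            // Stop here rather than learn about the missing scope from a rejected request.
            throw new IllegalStateException("Access Token was not granted " + LINK_SCOPE);
        }
        this.users = new UsersAPIClient(auth0, accessToken);
        this.mainUserId = mainUserId;
    }

    /** Link: main user ID + main Access Token + ID Token of the secondary account. */
    void link(String secondaryIdToken) {
        users.link(mainUserId, secondaryIdToken).start(logResult("link"));
    }

    /** Unlink: main user ID, user ID of the linked account, provider name of the linked account. */
    void unlink(String linkedUserId, String linkedProvider) {
        users.unlink(mainUserId, linkedUserId, linkedProvider).start(logResult("unlink"));
    }

    private Callback<List<UserIdentity>, ManagementException> logResult(final String op) {
        return new Callback<List<UserIdentity>, ManagementException>() {
            @Override public void onSuccess(List<UserIdentity> identities) {
                // Log provider and connection only; never log tokens or full profiles.
                for (UserIdentity i : identities) Log.i(TAG, op + " ok: " + i.getProvider() + "/" + i.getConnection());
            }
            @Override public void onFailure(ManagementException error) {
                Log.e(TAG, op + " failed, HTTP status " + error.getStatusCode());
            }
        };
    }
}
```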