Anyone implemented teams/invites while using Auth0?
I'm curious if anyone has used Auth0 for their SaaS and supported a Team/Invite system. The reason I ask is because I planned on letting people invite by email. Then whether the invited user has an account or creates a new account, on their dashboard it'd see their email has a pending invite they could accept or decline and be added to the team.
However, by default Auth0 creates separate accounts for email/password, Google oAuth, FB Auth, etc. even if they use the same email address. So now I have a complexity of who can accept the invite, all accounts that have that email? Only the first one to accept even if it's the "wrong" account? Like what if I have an account that is the email/password one. I receive an email that I'm invited to X team. I try to login but click Google login instead and then accept the invite. Now my accidental alt account is on the team and my main account isn't.
You can suggest to users that they should merge/link their accounts but you can't force it.
What is a simple way to deal with this?
We never found a way, and because of that (at multiple companies using Auth0) we had to build our own invite system every time. It was a huge pain.
After doing this the third time, we realized that the problem has to do with the implementation on the Auth0 side where it:
What did we do?
We went out and build a service that specifically handles permissions and solves invites by:
To take it one step further we've externalized our system so that any can plug-in play invite and other IAM related access management features: Invite API
Awesome I actually considered making a third party service to deal with it I'm glad someone else did! I'll definitely be taking a look.
Yeah I realized I was just hacking too many things together with Auth0, I actually just rewrote everything using Firebase Auth and it's been smooth sailing, may still have some issues down the road but it will not allow duplicate emails which solved a lot of my problems.
BTW, you can merge accounts based on email: https://community.auth0.com/t/how-do-i-unify-users-based-on-email-address/26985 . You can invite users through email and when they login using google you merge the account instead of creating a new one.
I ultimately implemented the team/invite system in https://taskforce.sh in a suboptimal way but I learnt that although not perfect users are able to use it.
The main limitation is that users need to exist in the system before they can be invited, this is similar to how github works when inviting team members (or used to be unless they improved it), so I figured it would be good enough for me.
Still I got a very small amount of users that found this mechanism awkward but after explaining them how it worked they all manage to use it.