Merge accounts

When an oauth/auth_native call fails with a 380 error (email_address_in_use), the next step is to initiate the merge process. You can prompt the user to confirm that they’d like to merge this social account with their existing user record.

When merging accounts, there are two scenarios to consider:

  • Merge social account with existing social record
  • Merge social account with existing traditional record

Each of these two scenarios is handled differently.


Note: You can only merge accounts if the social login provider returns a verified email address as part of its API response.


Merge account with existing social record

  1. If the existing_provider value returned in the 380 error response is a social provider (e.g. "facebook"), the user must authenticate with that provider to prove ownership of the existing account. You’ll use the returned social login token in the next step.

  2. To merge accounts, make an oauth/auth_native call that passes in a token and a “merge” token.

    • The social login token for the existing social provider is passed into the token parameter.
    • The social login token for the new social provider is passed into the merge_token parameter.

For example:

$api_call= '/oauth/auth_native';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'locale'=> 'en-US',
    'redirect_uri'=> 'https://localhost',
    'response_type'=> 'code',
    // social login token for existing social account
    'token'=> $_POST['token'],
    // social login token for new social account
    // (must be the same token from the previous failed oauth/auth_native call)
    'merge_token'=> $_POST['merge_token']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);

Response | Outcome / Next Step
Success (ok) | Account is merged and new authorization code is returned. Next step: Exchange an authorization code for an access token and refresh token.

Merge account with existing traditional record

If the existing_provider value returned in the 380 error response is "capture", make an oauth/auth_native_traditional call that passes in a “merge” token.

  • The user must provide the login credentials for their existing traditional account.

  • The social login token for the new social provider will be passed into the merge_token parameter.

$api_call= '/oauth/auth_native_traditional';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'locale'=> 'en-US',
    'redirect_uri'=> 'https://localhost',
    'response_type'=> 'code',
    // the name of your sign-in form as defined in the flow file
    'form'=> 'signInForm',
    // required fields from signInForm
    'signInEmailAddress'=> $_POST['email'],
    'currentPassword'=> $_POST['password'],
    // social login token for new social account
    // (must be the same token from the previous failed oauth/auth_native call)
    'merge_token'=> $_POST['merge_token']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);

Response | Outcome / Next Step
Success (ok) | Account is merged and new authorization code is returned. Next step: Exchange an authorization code for an access token and refresh token.
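
The two scenarios above branch on the existing_provider value in the 380 response. The following added example (not part of the original documentation or Janrain's code) shows that routing decision in one place. The helper name plan_merge(), the top-level "stat" and "code" keys in the sample responses, and the token value are assumptions made for illustration.

```php
<?php
// Added example (not Janrain's code): choose the merge call after a 380 error.
// Assumption: the decoded error body has top-level "code" and
// "existing_provider" keys; plan_merge() is a hypothetical helper.

function plan_merge(array $error, string $failedSocialToken): array
{
    if ((int)($error['code'] ?? 0) !== 380) {
        throw new InvalidArgumentException('not a 380 email_address_in_use response');
    }
    $provider = $error['existing_provider'] ?? '';
    if (!is_string($provider) || $provider === '') {
        throw new UnexpectedValueException('380 response lacks existing_provider');
    }
    if ($failedSocialToken === '') {
        throw new InvalidArgumentException('token from the failed call is required');
    }

    if ($provider === 'capture') {
        // Existing traditional record: user proves ownership with credentials.
        return [
            'api_call'     => '/oauth/auth_native_traditional',
            'params'       => ['form' => 'signInForm', 'merge_token' => $failedSocialToken],
            'still_needed' => ['signInEmailAddress', 'currentPassword'],
        ];
    }
    // Existing social record: user proves ownership by signing in with $provider.
    return [
        'api_call'          => '/oauth/auth_native',
        'params'            => ['merge_token' => $failedSocialToken],
        'still_needed'      => ['token'], // fresh login token from $provider
        'authenticate_with' => $provider,
    ];
}

// Constructed sample responses and token, for illustration only.
$samples = [
    '{"stat":"error","code":380,"error":"email_address_in_use","existing_provider":"facebook"}',
    '{"stat":"error","code":380,"error":"email_address_in_use","existing_provider":"capture"}',
];
foreach ($samples as $json) {
    $plan = plan_merge(json_decode($json, true), 'constructed-token-from-failed-call');
    echo $plan['api_call'], ' needs: ', implode(', ', $plan['still_needed']), PHP_EOL;
}
```

Holding the failed call's token in server-side session state and passing it to a helper like this keeps the merge_token identical to the one from the failed oauth/auth_native call, as the merge requires.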