How does Kratos handle duplicate emails? For examp...
# talk-kratos
i
How does Kratos handle duplicate emails? For example a user registers with email@gmail.com then later registers using Google SSO with the same email. Are they separate accounts or are they considered the same? Looking into migration from Auth0 and we do have duplicate emails with separate user accounts.
m
Hey @icy-art-21396 There can be no duplicate identifiers in Kratos, so if the email is the identifier you will get an error when you are trying to sign up with an email that is already in the system as Google SSO and vice versa.
An account with the same identifier (email, phone, username, ...) exists already. Please sign in to your existing account and link your social profile in the settings page.
We usually assume that people who have e.g. email@gmail and the same Google SSO are the same person/identity. Can you elaborate a bit on your use case if that is the case or how you identify aka “tell apart” these different accounts? If I have access to the email@gmail I can also manage the Google SSO for email@gmail right? So it seems moot to me to have them as 2 different identities from an authentication/security perspective.
i
Hey @magnificent-energy-493 you are right and to be honest that's how we'd prefer our current system was implemented. Unfortunately when we started using Auth0 that is not how they implement it, and we didn't have the resources at the time to implement their account linking flows so we just went with it. But now we're looking at migrating away from Auth0. We have 15,000 accounts with the same email. And we do suspect that virtually all of them were mistakes but we are currently assessing that situation to come up with a plan. It's not possible for us to merge the two accounts without suffering possible data loss, so we may need to find a way to pick one to archive and allow users to recover it if needed. But it's going to be a big hassle for us since we're looking to migrate ASAP.
m
I see. I think we need to go a bit into detail to find the best solution here. Have you been talking to someone at Ory already? We offer rapid migration from Auth0 and this includes handling edge cases like this. You can reach out here, email or call: https://www.ory.sh/contact/ FYI @rich-thailand-93889
i
Have not yet, still assessing Ory and alternatives to see which platform suits our needs best. But will reach out.