github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[GH-ISSUE #6126] Support for Linking Multiple Login Identities (Emails / Providers) to a Single User Account #19055

New Issue
Open
opened 2026-04-15 17:50:23 -05:00 by GiteaMirror · 7 comments
GiteaMirror commented 2026-04-15 17:50:23 -05:00
Owner
Copy Link

Originally created by @aurindam on GitHub (Nov 20, 2025).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/6126

Is this suited for github?

  • Yes, this is suited for github

Is your feature request related to a problem? Please describe.

Yes. The current challenge is that Better Auth does not support treating multiple email addresses as belonging to the same underlying user unless the user manually links them through allowDifferentEmails in the accountLinking configuration.

This approach has two limitations:

  1. It only works after the user signs in, meaning account fragmentation still occurs first and must be corrected manually afterward by the user.
  2. It only supports linking social provider accounts, not cases where users sign in using different email addresses directly, for example via Magic Link, password login, or different email addresses used with multiple providers.

As a result, the same real person can unintentionally create multiple distinct Better Auth user accounts simply by using different emails during signin. This leads to duplicated profiles, inconsistent organization/team membership, and poor user experience.

We are looking for a built-in way for Better Auth to treat multiple emails (and providers) as identities of a single user automatically, without relying on manual linking after sign-in.

Describe the solution you'd like

We would like Better Auth to support multiple emails and multiple authentication providers mapped to a single underlying user, without requiring manual linking after logging in.

Specifically:

  1. A first-class identity linking system

    • Each user can have multiple verified email addresses.
    • Each user can have multiple linked OAuth provider identities.
    • All identities map to a single user.id.

  2. Automatic identity resolution on login

    • If an email or provider identity matches any linked identity, the user is authenticated as the same user.
    • This prevents duplicate user accounts from ever being created.

  3. APIs for programmatic linking

    authClient.user.linkEmail({ userId, email });
authClient.user.linkProvider({ userId, provider, providerUserId });

  4. Schema support

  • A user_emails table (1-to-many)
  • A linked_accounts table for OAuth providers

Expanding the current account-linking logic to email-based logins would complete the feature.

  1. Optional: identity resolution hooks
 resolveIdentity: async (identity) => {
 // Determine which user this identity belongs to
 }

The goal: one human = one Better Auth user, regardless of sign-in method or which email(s) they use.

Describe alternatives you've considered

Using allowDifferentEmails in accountLinking

  • Works only after the user signs in.
  • Only links social provider accounts.
  • Does not solve Magic Link / password login with different emails.
  • Does not prevent duplicate accounts.

Manually merging users in our own database

This approach is fragile because:

  • Better Auth manages the user schema internally.
  • Manual merging can break session state.
  • Hooks do not expose early-enough lifecycle events needed to safely merge accounts.
  • Hard to maintain when Better Auth updates the authentication pipeline.

Relying on users to maintain one “primary email”

  • Not realistic as users often have multiple emails (corporate + personal) and different logins for different contexts.
  • Still leads to fragmented user accounts.

Blocking login with alternative emails

  • Reduces login success rates.
  • Hurts UX.
  • Does not reflect real-world behavior where users naturally switch between emails or identity providers.

Additional context

An example would be GitHub, where users can be invited to different organizations via different email addresses, each user can have multiple verified email addresses but a user has a unique username.

Originally created by @aurindam on GitHub (Nov 20, 2025). Original GitHub issue: https://github.com/better-auth/better-auth/issues/6126 ### Is this suited for github? - [x] Yes, this is suited for github ### Is your feature request related to a problem? Please describe. Yes. The current challenge is that Better Auth does not support treating multiple email addresses as belonging to the same underlying user unless the user manually links them through `allowDifferentEmails` in the `accountLinking` configuration. This approach has two limitations: 1. It only works **after the user signs in**, meaning account fragmentation still occurs first and must be corrected manually afterward by the user. 2. It only supports linking **social provider accounts**, not cases where users sign in using different email addresses directly, for example via Magic Link, password login, or different email addresses used with multiple providers. As a result, the same real person can unintentionally create multiple distinct Better Auth user accounts simply by using different emails during signin. This leads to duplicated profiles, inconsistent organization/team membership, and poor user experience. We are looking for a built-in way for Better Auth to treat multiple emails (and providers) as identities of a single user *automatically*, without relying on manual linking after sign-in. ### Describe the solution you'd like We would like Better Auth to support **multiple emails and multiple authentication providers mapped to a single underlying user**, without requiring manual linking after logging in. Specifically: 1. **A first-class identity linking system** - Each user can have multiple verified email addresses. - Each user can have multiple linked OAuth provider identities. - All identities map to a single `user.id`. 2. **Automatic identity resolution on login** - If an email or provider identity matches any linked identity, the user is authenticated as the same user. - This prevents duplicate user accounts from ever being created. 3. **APIs for programmatic linking** ```ts authClient.user.linkEmail({ userId, email }); authClient.user.linkProvider({ userId, provider, providerUserId }); ``` 4. Schema support - A `user_emails` table (1-to-many) - A `linked_accounts` table for OAuth providers Expanding the current account-linking logic to email-based logins would complete the feature. 5. Optional: identity resolution hooks ```ts resolveIdentity: async (identity) => { // Determine which user this identity belongs to } ``` ***The goal***: one human = one Better Auth user, regardless of sign-in method or which email(s) they use. ### Describe alternatives you've considered ### Using `allowDifferentEmails` in `accountLinking` - Works only **after** the user signs in. - Only links **social provider** accounts. - Does not solve Magic Link / password login with different emails. - Does not prevent duplicate accounts. ### Manually merging users in our own database This approach is fragile because: - Better Auth manages the user schema internally. - Manual merging can break session state. - Hooks do not expose early-enough lifecycle events needed to safely merge accounts. - Hard to maintain when Better Auth updates the authentication pipeline. ### Relying on users to maintain one “primary email” - Not realistic as users often have multiple emails (corporate + personal) and different logins for different contexts. - Still leads to fragmented user accounts. ### Blocking login with alternative emails - Reduces login success rates. - Hurts UX. - Does not reflect real-world behavior where users naturally switch between emails or identity providers. ### Additional context An example would be GitHub, where users can be invited to different organizations via different email addresses, each user can have multiple verified email addresses but a user has a unique username.
GiteaMirror added the corecredentials labels 2026-04-15 17:50:23 -05:00
GiteaMirror commented 2026-04-15 17:50:24 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Nov 20, 2025):

<tag @better-auth-agent if you would like an answer from the Agent>

DiagramDiscordGitHub

Diagram Join Star

<!-- gh-comment-id:3557557334 --> @better-auth-agent[bot] commented on GitHub (Nov 20, 2025): <tag @better-auth-agent if you would like an answer from the Agent> <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
GiteaMirror commented 2026-04-15 17:50:25 -05:00
Author
Owner
Copy Link

@dsonet commented on GitHub (Dec 11, 2025):

Possible solutions were also discussed here: https://github.com/better-auth/better-auth/issues/2402

<!-- gh-comment-id:3639883712 --> @dsonet commented on GitHub (Dec 11, 2025): Possible solutions were also discussed here: https://github.com/better-auth/better-auth/issues/2402
GiteaMirror commented 2026-04-15 17:50:25 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Mar 12, 2026):

Hi, @aurindam. I'm Dosu, and I'm helping the better-auth team manage their backlog and am marking this issue as stale.

Issue Summary:

  • You requested automatic linking of multiple emails and authentication providers to a single user account to prevent manual linking and duplicate accounts.
  • You proposed a comprehensive identity linking system with APIs, schema support, and identity resolution hooks.
  • A maintainer pointed to a related discussion in issue #2402 as a potential avenue for solutions.
  • I shared documentation and community resources for further exploration.
  • The issue remains unresolved with no recent updates.

Next Steps:

  • Please let me know if this feature request is still relevant to the latest version of better-auth by commenting on this issue.
  • If I do not hear from you within 7 days, this issue will be automatically closed.

Thank you for your understanding and contribution!

<!-- gh-comment-id:4047968553 --> @dosubot[bot] commented on GitHub (Mar 12, 2026): Hi, @aurindam. I'm [Dosu](https://dosu.dev), and I'm helping the better-auth team manage their backlog and am marking this issue as stale. **Issue Summary:** - You requested automatic linking of multiple emails and authentication providers to a single user account to prevent manual linking and duplicate accounts. - You proposed a comprehensive identity linking system with APIs, schema support, and identity resolution hooks. - A maintainer pointed to a related discussion in issue #2402 as a potential avenue for solutions. - I shared documentation and community resources for further exploration. - The issue remains unresolved with no recent updates. **Next Steps:** - Please let me know if this feature request is still relevant to the latest version of better-auth by commenting on this issue. - If I do not hear from you within 7 days, this issue will be automatically closed. Thank you for your understanding and contribution!
GiteaMirror commented 2026-04-15 17:50:26 -05:00
Author
Owner
Copy Link

@lorenzocorallo commented on GitHub (Mar 14, 2026):

Hi there, is this still an issue on the latest better-auth version? I was looking into users with multiple emails with OTP-only login and didn't find much but this PR.

<!-- gh-comment-id:4060696543 --> @lorenzocorallo commented on GitHub (Mar 14, 2026): Hi there, is this still an issue on the latest better-auth version? I was looking into users with multiple emails with OTP-only login and didn't find much but this PR.
GiteaMirror commented 2026-04-15 17:50:26 -05:00
Author
Owner
Copy Link

@aurindam commented on GitHub (Mar 14, 2026):

Hi, this issue is still relevant. Is this something that the team could work on (as a priority)? We are open to paying some money to prioritise this.

<!-- gh-comment-id:4061491217 --> @aurindam commented on GitHub (Mar 14, 2026): Hi, this issue is still relevant. Is this something that the team could work on (as a priority)? We are open to paying some money to prioritise this.
GiteaMirror commented 2026-04-15 17:50:26 -05:00
Author
Owner
Copy Link

@tmcw commented on GitHub (Mar 20, 2026):

Switching from Clerk to Better Auth is pretty smooth except for this - linking multiple emails is pretty common with Clerk auth and apparently requires a big workaround with Better Auth, which is a bummer.

<!-- gh-comment-id:4099166211 --> @tmcw commented on GitHub (Mar 20, 2026): Switching from Clerk to Better Auth is pretty smooth except for this - linking multiple emails is pretty common with Clerk auth and apparently requires a big workaround with Better Auth, which is a bummer.
GiteaMirror commented 2026-04-15 17:50:27 -05:00
Author
Owner
Copy Link

@beeman commented on GitHub (Mar 26, 2026):

I'd love to see this feature, it would help a lot on a couple of the projects I'm working on moving away from the existing (in-house) auth systems.

The reality is that a lot people in this world have and use different emails.

Right now that can lead to fragmented accounts. A cleaner model for multiple verified emails / linked identities mapping to one user would be really valuable.

The way I look at it, an email address is just another linked account (or identity), not different than a social account or web3 wallet.

I also understand this is probably too big to land all at once.

If it helps, I'd be interested in contributing a more incremental first step. For example I could starting with linked email management and primary-email handling as a foundation, and then layering broader identity resolution on top later.

I understand from https://github.com/better-auth/better-auth/issues/424#issuecomment-4046248584 that there will be no schema changes before 2.0 but it would be great if this could be added in the next major.

<!-- gh-comment-id:4132680287 --> @beeman commented on GitHub (Mar 26, 2026): I'd love to see this feature, it would help a lot on a couple of the projects I'm working on moving away from the existing (in-house) auth systems. The reality is that a lot people in this world have and use different emails. Right now that can lead to fragmented accounts. A cleaner model for multiple verified emails / linked identities mapping to one user would be really valuable. The way I look at it, an email address is just another linked account (or identity), not different than a social account or web3 wallet. I also understand this is probably too big to land all at once. If it helps, I'd be interested in contributing a more incremental first step. For example I could starting with linked email management and primary-email handling as a foundation, and then layering broader identity resolution on top later. I understand from https://github.com/better-auth/better-auth/issues/424#issuecomment-4046248584 that there will be no schema changes before 2.0 but it would be great if this could be added in the next major.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label core credentials
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#19055
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?