Account Merge

When an oauth/auth_native call fails with a 380 error (email_address_in_use), the next step is to initiate the merge process. You can prompt the user to confirm that they’d like to merge this social account with their existing user record.

When merging accounts, there are two scenarios to consider:

  • Merge social account with existing social record
  • Merge social account with existing traditional record

Each of these two scenarios is handled differently.

Merge Account with Existing Social Record

  1. If the existing_provider value returned in the 380 error response is a social provider (e.g. "facebook"), the user must authenticate with that provider to prove ownership of the existing account. You’ll use the returned social login token in the next step.
  2. To merge accounts, make an oauth/auth_native call that passes in a token and a “merge” token.
    • The social login token for the existing social provider is passed into the token parameter.
    • The social login token for the new social provider is passed into the merge_token parameter.

$api_call= '/oauth/auth_native';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'locale'=> 'en-US',
    'redirect_uri'=> 'https://localhost',
    'response_type'=> 'code',
    // social login token for existing social account 
    'token'=> $_POST['token'],
    // social login token for new social account
    // (must be the same token from the previous failed oauth/auth_native call)
    'merge_token'=> $_GET['merge_token'],
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);

Response: Success (ok)

Outcome / Next Step: Account is merged and new authorization code is returned. Next step: Exchange Authorization Code for an access token and refresh token.

Merge Account with Existing Traditional Record

If the existing_provider value returned in the 380 error response is "capture", make an oauth/auth_native_traditional call that passes in a “merge” token.

  • The user must provide the login credentials for their existing traditional account.
  • The social login token for the new social provider will be passed into the merge_token parameter.

$api_call= '/oauth/auth_native_traditional';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'locale'=> 'en-US',
    'redirect_uri'=> 'https://localhost',
    'response_type'=> 'code',
    // the name of your sign-in form as defined in the flow file
    'form'=> 'signInForm',
    // required fields from signInForm
    'signInEmailAddress'=> $_POST['email'],
    'currentPassword'=> $_POST['password'],
    // social login token for new social account
    // (must be the same token from the previous failed oauth/auth_native call)
    'merge_token'=> $_POST['merge_token']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);

Response: Success (ok)

Outcome / Next Step: Account is merged and new authorization code is returned. Next step: Exchange Authorization Code for an access token and refresh token.
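
The branch between the two scenarios above can be made in one place, as in this added example (not part of the original documentation or of Janrain's code). The function name plan_merge, the "stat" and "code" response field names, and the sample response are assumptions made for illustration; only the 380 code, email_address_in_use, existing_provider, "capture" and the two endpoints come from this page.

```php
<?php
// Added example: pick the merge call from a failed oauth/auth_native response.
// Assumption: the decoded JSON exposes "stat", "code" and "existing_provider".

function plan_merge(stdClass $resp, string $failedToken): ?array
{
    // Only a 380 (email_address_in_use) failure starts the merge process.
    if (($resp->stat ?? '') !== 'error' || (int)($resp->code ?? 0) !== 380) {
        return null;
    }
    $provider = $resp->existing_provider ?? null;
    if (!is_string($provider) || $provider === '') {
        throw new UnexpectedValueException('380 response without existing_provider');
    }
    if ($provider === 'capture') {
        // Existing traditional record: the user supplies email and password.
        return [
            'api_call'    => '/oauth/auth_native_traditional',
            'collect'     => ['signInEmailAddress', 'currentPassword'],
            'merge_token' => $failedToken,
        ];
    }
    // Existing social record: the user authenticates with that provider first,
    // and the resulting social login token goes into the token parameter.
    return [
        'api_call'    => '/oauth/auth_native',
        'collect'     => ['token'],
        'provider'    => $provider,
        'merge_token' => $failedToken,
    ];
}

// Constructed sample response, not captured from a real server.
$sample = json_decode(
    '{"stat":"error","code":380,"error":"email_address_in_use","existing_provider":"facebook"}'
);
$plan = plan_merge($sample, 'constructed-social-token');
echo $plan['api_call'], ' after sign-in with ', $plan['provider'], PHP_EOL;
```

Holding the returned plan in server-side state between the failed call and the merge call keeps merge_token identical to the token from the failed oauth/auth_native call, which both merge requests require.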