Hi everyone,
I am documenting a reproducible edge-case bug I observed with the auth.openai.com infrastructure. This appears to be a platform-level Identity Provider (IdP) mapping issue that permanently orphans a user_id upon triggering an email rollback.
Environment:
- Web environment interacting with the platform’s Auth0 implementation.
- Transitioning from Google OAuth2 to standard credential-based authentication.
Steps to Reproduce:
- Authenticate via Google IdP.
- Mutate the account email address to a non-federated domain to force a switch to local auth.
- Trigger the secure rollback token provided via the automated security alert sent to the original email address.
- Attempt re-authentication via the original Google IdP.
Actual Behavior: The backend completely uncouples the identity, resulting in a permanent deadlock.
- Attempting Google Auth throws an “Identity Provider Mismatch” and “user already associated with another account”.
- The system treats the valid OAuth token as a net-new user, routing to the onboarding flow.
Diagnostic Data Captured: I have captured the network traffic with the failing POST requests to help trace the routing failure.
Has anyone else integrating with or observing the OpenAI platform encountered this specific Auth0 state mismatch? If any platform engineers are monitoring this board, I would really appreciate your help. Thanks for any insights on how this state can be manually remapped.