Good morning,
Sorry for the delay.
The signup and login buttons are the same when using a third party IdP like Google. In addition, there’s no way of stopping signup of social logins, because conceptually the signup does not happen at Auth0, but at the external identity provider.
So, the user would be created and exist, however, if you want to prevent access, you would use something of this sort in your rule return callback(new UnauthorizedError('Access denied'));