Hi,
Are there any practices that i can put in place in order to avoid spam account signups on my app ?
What i can imagine :
- block ip address if signup attempts is > X
- block certain email domain
- add captcha
- ?
Thank you for your help
Hi,
Are there any practices that i can put in place in order to avoid spam account signups on my app ?
What i can imagine :
Thank you for your help
Regarding the first two points: the right place to put your logic would usually be a Pre-User-Registration Hook Explore Flows and Triggers, however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
So you might need to use a custom UI with additional frontend validation as well.
Captcha is not supported (and not recommended) by Auth0 out of the box. See:
and this blog article (“Avoid CAPTCHAs”):
Hi @mathiasconradt
Thank you for your answer
Ok, so with Pre User Registration Hook, i would have to implement the logic/rules that i want
A default error message is fine for the moment
Yes, that is right, you would add your logic in the hook, example:
module.exports = function (user, context, cb) {
var response = {};
if (user.email === "santa@claus.co" ) {
cb('Invalid Signup.', response)
} else {
response.user = user;
cb(null, response);
}
};
however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
Update on this: customizing the hook error messages is now possible, see Explore Flows and Triggers
I tried Google Recapcha but It doen’t work, is there any advice? thanks
@mathiasconradt thanks,
What exactly doesn’t work? How did you implement it, and any particular error message you’re getting?
By the way: since this original post is already >1,5 years old, note that ReCaptcha support is now available out of the box in Auth0, see Bot Detection
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.