Block social sign up if user with email already exists?

Is there a way to block a social user sign up (e.g. google-oauth2), if their email address is the same as an existing user?

We’re trying to sort out a potential problem of duplicate users (and the confusion for users) when turning on Google social sign ups as we have existing username-password users that would most likely try to sign in/up with Google and not realise that it has created a new user.

Ideally in that instance we’d like to show an error like “A user with the same email already exists”.

From my reading it looks like neither Actions or Hooks can do this as they are only available for auth0 db connections.

We’ve also already tried the Account Link extension, however we had the following issues with it:

  1. We use the New Universal Signin so the UI does not match the Accoun Link UI. Any chance it can be updated to the New Universal UI?
  2. It creates a new user before doing the Account Link. We have a pre-registration rule that adds metadata by calling our external api, so we end up with duplicate users in our api.
  3. When it redirects to the Link account confirmation and then the re-authenticate pages, those pages are served from the non-custom domain. (e.g. mydomain.us.auth0.com instead of auth.mydomain.com).
3 Likes

I am also very keen to know if there is an Auth0 solution to this?

In addition to the registration process, we are wondering if there is a way to have a “forgot your username” process which potentially emails the username/authentication method.