Block social sign up if user with email already exists?

nickbrooks · July 6, 2021, 1:34am

Is there a way to block a social user sign up (e.g. google-oauth2), if their email address is the same as an existing user?

We’re trying to sort out a potential problem of duplicate users (and the confusion for users) when turning on Google social sign ups as we have existing username-password users that would most likely try to sign in/up with Google and not realise that it has created a new user.

Ideally in that instance we’d like to show an error like “A user with the same email already exists”.

From my reading it looks like neither Actions or Hooks can do this as they are only available for auth0 db connections.

We’ve also already tried the Account Link extension, however we had the following issues with it:

We use the New Universal Signin so the UI does not match the Accoun Link UI. Any chance it can be updated to the New Universal UI?
It creates a new user before doing the Account Link. We have a pre-registration rule that adds metadata by calling our external api, so we end up with duplicate users in our api.
When it redirects to the Link account confirmation and then the re-authenticate pages, those pages are served from the non-custom domain. (e.g. mydomain.us.auth0.com instead of auth.mydomain.com).

dennis.fiedler · July 8, 2021, 5:47am

I am also very keen to know if there is an Auth0 solution to this?

In addition to the registration process, we are wondering if there is a way to have a “forgot your username” process which potentially emails the username/authentication method.

serhii.holinei · January 17, 2024, 7:48pm

Can someone from the Auth0 team take a look?

j.krabs · January 18, 2024, 7:38am

@serhii.holinei you can vote for this request which would give you the opportunity to deny signup in a Pre User Registration Action

Trigger the Pre User Registration flow for social and other non-database connection types - Auth0 Community

serhii.holinei · January 18, 2024, 3:51pm

I voted. Thanks. My disappointment in Auth0 grows.

Eric.T · July 28, 2024, 3:26pm

Is there any way to differentiate or capture the login on the /callback route?

I’m having an issue where, when User A signs up with Google social, then someone else (User B) signs up with User A’s email, Auth0 creates two different users, but in my app, I’m not sure how to handle this, so it currently sees them as one user.

Topic		Replies	Views
How to prevent users that doesn't have an previous registered email to connect with social? Help user-management , account-linking	2	817	September 8, 2023
Prevent Sign Up for an an Email that already exist Help user-management , account-linking	3	2723	April 19, 2023
Prevent user from signing up if email already exists? Help	1	5148	June 22, 2019
Sign up with email/password after Signing up with Social Account Help login-experience , signup-prompt-new-experience	1	913	January 23, 2024
Create rule to prevent social signup with GMAIL.COM but continue to support existing gmail users Help login-experience , signup-prompt-new-experience	2	1209	June 30, 2023

Block social sign up if user with email already exists?

Related Topics