Block social sign up if user with email already exists?

Is there a way to block a social user sign up (e.g. google-oauth2), if their email address is the same as an existing user?

We’re trying to sort out a potential problem of duplicate users (and the confusion for users) when turning on Google social sign ups as we have existing username-password users that would most likely try to sign in/up with Google and not realise that it has created a new user.

Ideally in that instance we’d like to show an error like “A user with the same email already exists”.

From my reading it looks like neither Actions or Hooks can do this as they are only available for auth0 db connections.

We’ve also already tried the Account Link extension, however we had the following issues with it:

  1. We use the New Universal Signin so the UI does not match the Accoun Link UI. Any chance it can be updated to the New Universal UI?
  2. It creates a new user before doing the Account Link. We have a pre-registration rule that adds metadata by calling our external api, so we end up with duplicate users in our api.
  3. When it redirects to the Link account confirmation and then the re-authenticate pages, those pages are served from the non-custom domain. (e.g. mydomain.us.auth0.com instead of auth.mydomain.com).
6 Likes

I am also very keen to know if there is an Auth0 solution to this?

In addition to the registration process, we are wondering if there is a way to have a “forgot your username” process which potentially emails the username/authentication method.

Can someone from the Auth0 team take a look? :slightly_frowning_face:

@serhii.holinei you can vote for this request which would give you the opportunity to deny signup in a Pre User Registration Action :slight_smile:

Trigger the Pre User Registration flow for social and other non-database connection types - Auth0 Community

I voted. Thanks. My disappointment in Auth0 grows.

Is there any way to differentiate or capture the login on the /callback route?

I’m having an issue where, when User A signs up with Google social, then someone else (User B) signs up with User A’s email, Auth0 creates two different users, but in my app, I’m not sure how to handle this, so it currently sees them as one user.