Problem statement
Our tenant has a No Social Signups Rule. Since Rules will be deprecated, how to create an equivalent Action for the no social signups?
Solution
Here are the sample scripts for block social signups with Actions
const CLIENTS_ENABLED = ['YOUR_CLIENT_IDS_HERE']; //List of client_id's to block social signups on
exports.onExecutePostLogin = async (event, api) => {
if (CLIENTS_ENABLED.indexOf(event.client.client_id) === -1) {
//Do nothing, client does not have disable social signups enabled
//console.log('Social signups are allowed on ${event.client.name}');
} else {
//Line below works for 'built in' social connections only, e.g. 'google-oauth2','github' etc.
//const is_social = event.connection.strategy === event.connection.name;
const is_social = event.user.identities[0].isSocial; //This supports built-in and custom social connections, provided social connection is primary identity for user
//console.log('isSocial is:', is_social);
if (is_social && event.stats.logins_count === 1 ){
//User is logging in for the first time with a social connection
api.user.setAppMetadata('is_signup',true);
api.access.deny(`Signups to ${event.client.name} are not allowed for Social Accounts.`);
}
if (event.user.app_metadata.is_signup) {
//Blocks users who have attempted signup on social connection previously
api.access.deny(`Signups to ${event.client.name} are not allowed for Social Accounts.`);
}
}
};