Calling getUsersByEmail in a post-login trigger?

We are trying to prevent users from creating duplicate accounts for the same email address (auth0 vs SSO).

It’s possible to prevent an auth0 provider account in the pre-registration Trigger by looking up existing users with the same email address using the ManagementClient. The auth0 ManagementClient appears to be available by default here; we didn’t even need to add it as a dependency.

This same approach does not appear to work in the post-login Trigger. First off it throws an error if we don’t add auth0 as a dependency. But even if we do, it throws an error saying that getUsersByEmail is not available even though the API specs say it should be available. Is it blocked in this Trigger?

The solution we are trying to implement is:

  • When a user logs in with SSO for the first time (based on login_count)
  • Check if an account exists already for the auth0 provider
  • If it exists and the account is not email_verified = true then reject the login and ask them to log in with username and password
  • If it exists and the account is email_verified = true then go ahead and auto-link the account so they share the same id.

Is this possible?

Hi @Carbon,

Welcome to the Auth0 Community and sorry for the late response!
Moved this post over to the Help Category in order to receive proper assistance.

Your desired implementation is definitely possible. A similar issue was already raised here, so you can check out this community post which will explain how to achieve this.

In a Post-Login Action you’ll also have to initialize the ManagementClient, such as:

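const { ManagementClient } = require('auth0'); // add auth0 as a dependency of the Action

// Credentials are read from the Action's secrets
const management = new ManagementClient({
  domain: event.secrets.domain,
  clientId: event.secrets.clientId,
  clientSecret: event.secrets.clientSecret,
});

and retrieve the response:

// Use the client created above to look up users with the same email
const existingUsers = await management.usersByEmail.getByEmail({ email: event.user.email });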

You can also check out these pages as well:

Then you should be able to achieve your desired flow by denying access and Linking User Accounts.

Thanks,
Remus
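
The decision step from the four bullets in the question, as an added example that is not part of the original thread or of Auth0's own code. It takes the post-login event and the array of users found for the same email, and returns what the Action should do next; the function name and return shape are hypothetical, and the two checks marked as added precautions go beyond the rules stated in the question.

```javascript
// Added example. decideFirstSsoLogin and its return shape are hypothetical names.
// existingUsers: array of user profiles found for event.user.email.
function decideFirstSsoLogin(event, existingUsers) {
  const { user, stats, connection } = event;
  // Only the first login through a non-database (SSO) connection is inspected.
  if (connection.strategy === 'auth0' || stats.logins_count > 1) {
    return { action: 'continue' };
  }
  const email = (user.email || '').toLowerCase();
  if (!email) return { action: 'continue' };

  // Other profiles with the same email whose primary identity is the auth0 provider.
  const dbAccounts = existingUsers.filter((u) =>
    u.user_id !== user.user_id &&
    (u.email || '').toLowerCase() === email &&
    Array.isArray(u.identities) && u.identities.length > 0 &&
    u.identities[0].provider === 'auth0');
  if (dbAccounts.length === 0) return { action: 'continue' };

  // Added precaution (not in the post): more than one match is not linked automatically.
  if (dbAccounts.length > 1) return { action: 'deny', reason: 'ambiguous_match' };

  const existing = dbAccounts[0];
  // Rule from the post: an unverified auth0 account blocks the SSO login.
  if (existing.email_verified !== true) {
    return { action: 'deny', reason: 'existing_account_unverified' };
  }
  // Added precaution (not in the post): the SSO identity's email must be verified
  // too, otherwise an unverified claim could be linked to someone else's account.
  if (user.email_verified !== true) {
    return { action: 'deny', reason: 'sso_email_unverified' };
  }
  return { action: 'link', primaryUserId: existing.user_id, secondaryUserId: user.user_id };
}

// Constructed sample input (not real accounts).
const sampleEvent = {
  connection: { strategy: 'samlp' },
  stats: { logins_count: 1 },
  user: { user_id: 'samlp|corp|alice', email: 'Alice@example.com', email_verified: true },
};
const sampleExisting = [
  { user_id: 'auth0|111', email: 'alice@example.com', email_verified: true,
    identities: [{ provider: 'auth0', user_id: '111' }] },
];
console.log(decideFirstSsoLogin(sampleEvent, sampleExisting));
```

A `deny` result maps to denying access in the Action and a `link` result to the account-linking call, both left to the caller here.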
