We are trying to prevent users from creating duplicate accounts for the same email address (auth0 vs SSO).
It’s possible to prevent an auth0 provider account in the pre-registration Trigger by looking up existing users with the same email address using the ManagementClient. The auth0 ManagementClient appears to be available by default here, we didn’t even need to add it as a dependency.
This same approach does not appear to work in the post-login Trigger. First off it throws an error if we don’t add auth0 as a dependency. But even if we do, it throws an error saying that `getUsersByEmail` is not available even though the API specs say it should be available. Is it blocked in this Trigger?
The solution we are trying to implement is:
- When a user logs in with SSO for the first time (based on `login_count`)
- Check if an account exists already for the auth0 provider
- If it exists and the account is not `email_verified = true` then reject the login and ask them to login with username and password
- If it exists and the account is `email_verified = true` then go ahead and auto-link the account so they share the same id.
Is this possible?
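
The decision steps listed in the question, written as a pure function so the allow/deny/link outcome can be tested outside an Action. This is an added example, not code from the post or from Auth0; `decideSsoLogin`, its input shape and the sample data are assumptions, and the email lookup result is passed in rather than fetched.

```javascript
// Added example; decideSsoLogin and its input shape are hypothetical names.
const DB_PROVIDER = 'auth0'; // provider value on database-connection identities

// login: { userId, email, provider, loginCount } taken from the login event.
// usersWithEmail: profiles returned by an email lookup (user profile shape).
function decideSsoLogin(login, usersWithEmail) {
  // Only the first login through a non-database (SSO) connection is checked.
  if (login.provider === DB_PROVIDER || login.loginCount > 1 || !login.email) {
    return { action: 'allow' };
  }
  // Compare case-insensitively and skip the profile that is logging in now.
  const email = login.email.trim().toLowerCase();
  const dbAccounts = usersWithEmail.filter((u) =>
    u.user_id !== login.userId &&
    typeof u.email === 'string' &&
    u.email.trim().toLowerCase() === email &&
    (u.identities || []).some((i) => i.provider === DB_PROVIDER));

  if (dbAccounts.length === 0) return { action: 'allow' };

  // Assumption: when several accounts match, a verified one is preferred.
  const verified = dbAccounts.find((u) => u.email_verified === true);
  if (!verified) {
    return { action: 'deny',
             reason: 'Please log in with your username and password.' };
  }
  // Link the new SSO identity under the existing account so the id is shared.
  return { action: 'link',
           primaryUserId: verified.user_id,
           secondaryUserId: login.userId };
}

// Constructed sample data (not real accounts).
const sampleUsers = [
  { user_id: 'auth0|u1', email: 'Pat@Example.com', email_verified: false,
    identities: [{ provider: 'auth0' }] },
  { user_id: 'auth0|u2', email: 'sam@example.com', email_verified: true,
    identities: [{ provider: 'auth0' }] },
];
const firstSso = (email) =>
  ({ userId: 'samlp|x9', email, provider: 'samlp', loginCount: 1 });

console.log(decideSsoLogin(firstSso('pat@example.com'), sampleUsers));
console.log(decideSsoLogin(firstSso('sam@example.com'), sampleUsers));
```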