Deleted users are able to reactivated their accounts by logging in (social users)


I’m trying to delete a social user from auth0, but the user can reactivate their account by simply logging back in. Blocking the user makes it so they cannot log back in, but if we delete the blocked user, they can then log back in without a problem. This is a critical security issue for us. How do we permanently delete a social user?

I’ve read through what I can find on this topic, but am still in need of a true solution. The solution presented by reuben.tiow is not really a solution for keeping deleted social users from reactivating their account. I don’t want the user to be able to log in if they are deleted – obviously.


Hey there @misley !

Unfortunately, as far as I’m aware there isn’t a way to delete the social user and block them at the same time as you’ve noticed. You could delete the user and then create an Action utilizing api.access.deny to create a deny list, but the user profile will still be created in Auth0. FWIW, the profile doesn’t count towards a monthly active user (MAU).

1 Like

@tyf Thanks for the reply. And just to be clear, deleting a social user from auth0 does not actually prevent them from just logging back in and becoming an active user again, right? They need to be blocked in order to prevent them being able to log back in?

1 Like

That’s correct - Without the block or Action in place there’s no way to prevent the social user from logging back in :confused:

Ok! Thanks! We will just block users from now on and try not to ever delete them.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.