I want all third-party applications to be unable to sign up using my passwordless authentication flow. I support both sms and email. I want only my first-party application for the main platform be able to provide sign ups, since I have some custom flow where I require users to be created with both email and sms. I want third parties to be able to only login using email or phone number.
Hi @admin70,
Welcome back to the Auth0 Community and sorry for the late reply.
You can accomplish this by using Auth0 Actions. For instance you can check if that would be a signup case be using the logins_count method and you can query where the user might be trying to signup from using event.client.client_id and event.connection.name type. You can take a look at the Actions Triggers: post-login - Event Object. Then use the api.access.deny(reason) method.
Hope this helps the case, but others as well.
Thanks,
Remus
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.