Hello,
I had the same issue and wanted the same control in my app. An admin should first create the user in the database (username/password) connection. Only then can that user log in via social login.
The rule will prevent users from logging in with a social account if their primary database account has not been set up:
function disableSocialSignups(user, context, callback) {
// initialize app_metadata
user.app_metadata = user.app_metadata || {};
// Detect if this is the primary login/password connection
const isPrimaryDbConnection = context.connectionStrategy === 'auth0' &&
context.connection === 'Username-Password-Authentication';
// is this is a secondary login has it has not been allowed yet
if (!isPrimaryDbConnection && (user.app_metadata.secondaryLoginState !== 'ALLOWED')) {
// store the app_metadata
user.app_metadata.secondaryLoginState = 'PENDING';
auth0.users
.updateAppMetadata(user.user_id, user.app_metadata)
.then(() => {
console.log("Updated user app_metadata secondaryLoginState to " + user.app_metadata.secondaryLoginState);
var ManagementClient = require('auth0@2.27.0').ManagementClient;
var management = new ManagementClient({
token: auth0.accessToken,
domain: auth0.domain
});
console.log("Checking existence of user with same email");
return management.users.getByEmail(user.email);
})
.then(users => {
console.debug("Found users : " + users);
let allowSecondaryLogin = false;
for (let i in users) {
let existingUser = users[i];
if (existingUser.user_id !== user.user_id &&
existingUser.email_verified === true &&
existingUser.blocked !== false &&
existingUser.user_id.startsWith('auth0|')) {
allowSecondaryLogin = true;
break;
}
}
user.app_metadata.secondaryLoginState = allowSecondaryLogin ? 'ALLOWED' : 'DENIED';
return auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
})
.then(() => {
let decision = user.app_metadata.secondaryLoginState;
console.log("Secondary login decision state for user : " + decision);
if (decision === 'ALLOWED') {
callback(null, user, context);
} else {
callback(new Error('Secondary login initialisation : ' + decision));
}
})
.catch(err => {
console.error("Failed to initialize secondary login for user " + user.email);
console.error(err);
callback(new Error('Failed to initialize secondary login'));
});
return;
}
return callback(null, user, context);
}