Exclude unverified email from duplicate checks

t.fukao · October 15, 2024, 12:51am

If a user attempts to sign up using an email address that is already registered, “The user already exists.” error will occur and the signup will fail.

I want to exclude unverified email accounts (pending account) from duplicate checks.

If a signup uses an email address that matches an existing pending account, I want the new signup to be successful and the existing pending account to be deleted (or overwritten).

What are the possible solutions for this?

dawid.matuszczyk · October 15, 2024, 10:30am

Hi @t.fukao

Welcome back to the Auth0 Community!

Thank you for posting your question, unfortunately this flow won’t be possible as Auth0 will decline the signup process before triggering any Action if the email address already exists. On the other hand I wouldn’t recommend this approach as it allows attackers for exploiting this flow.

Thanks
Dawid

system · October 29, 2024, 10:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Prevent user from signing up if email already exists? Help	1	5148	June 22, 2019
Not considering a user account already existing before it is validated through email activation Help signup , email-verification , forgot-password	1	4078	October 28, 2019
To prevent the creation of accounts with email addresses that already exist Help management-api , users	3	30	October 4, 2024
How to prevent users that doesn't have an previous registered email to connect with social? Help user-management , account-linking	2	817	September 8, 2023
Prevent Sign Up for an an Email that already exist Help user-management , account-linking	3	2723	April 19, 2023

Exclude unverified email from duplicate checks

Related Topics