Exclude unverified email from duplicate checks

t.fukao · October 15, 2024, 12:51am

If a user attempts to sign up using an email address that is already registered, “The user already exists.” error will occur and the signup will fail.

I want to exclude unverified email accounts (pending account) from duplicate checks.

If a signup uses an email address that matches an existing pending account, I want the new signup to be successful and the existing pending account to be deleted (or overwritten).

What are the possible solutions for this?

dawid.matuszczyk · October 15, 2024, 10:30am

Hi @t.fukao

Welcome back to the Auth0 Community!

Thank you for posting your question, unfortunately this flow won’t be possible as Auth0 will decline the signup process before triggering any Action if the email address already exists. On the other hand I wouldn’t recommend this approach as it allows attackers for exploiting this flow.

Thanks
Dawid

Topic		Replies	Views
Not considering a user account already existing before it is validated through email activation Get Help signup , email-verification , forgot-password	1	4144	October 28, 2019
To prevent the creation of accounts with email addresses that already exist Get Help management-api , users	3	148	October 4, 2024
Pre-registration Action not triggering on signup with existing email Get Help login-experience , signup-prompt-new-experience	8	934	July 12, 2024
Check if user already exists on signup Get Help	2	7698	February 6, 2021
Block social sign up if user with email already exists? Get Help pre-user-registratio	5	3903	July 28, 2024

Exclude unverified email from duplicate checks

Related topics