My App upload the App Store, due to its policy, I need provide a button to let user “Delete Account”. But the Auth0 delete account api need the backend service, now I want use the default trigger to call it, here is what I do.
User press on the “Delete Account” button at App side;
App auto modify user name as “Delete Account+{username}”
App call the modify password api to set the user password as random string.
Action call the Post Change Password trigger.
at onExecutePostChangePassword function, if username contain “Delete Account”, then call the M2M Application that bind the API(delete:users) to delete the user account.
It sounds like the utilizing the post password change action is working for your use case of deleting the user?
In order to prevent a user from signing up, you’ll need to create some sort of block list and implement logic in an action to act on it. Depending on the size of the list, storing a list of blocked usernames in application metadata may be an option. Example:
exports.onExecutePreUserRegistration = async (event, api) => {
// Load blocked usernames from application metadata
const blockedUsernames = JSON.parse(event.client.metadata.blockedUsernames);
// Check if the signing up username is in the blocked list
if (blockedUsernames.includes(event.user.username)) {
// Deny the registration with a custom message
api.access.deny(`The username ${event.user.username} is not allowed.`);
}
};
If scalability is of concern, then you may want to store the blocked usernames external to Auth0 and access that via an Action: