I have implemented Auth0’s new universal login in my react application. It has both log in and sign up tabs which show up on the page. I have also enabled social login and social signup using Google.
I want new users to first sign up using the Sign Up tab since it invokes some other workflows within my application.
However I have observed that when a new user just “signs in” using Google, Auth0 immediately creates their account. This is causing issues in the app since the intended flow associated with post sign up is never called in my application.
Is there a way to prevent new user creation on sign in when a Google sign in is used?
Another thing I noticed was that even when I created two different actions, one for post login flow and other for pre user registration flow. No matter if the a new users directly logs in or even signs up, its the Login flow action which always seems to be called. The Pre User Registration flow is never called.
1 Like
Hi @neeraj1
With social login, you are relying on the social partner for users - this means the social partner can create users. There is no simple way to configure Auth0 to not allow new users from social partners.
On a deeper level, this is a complex question. If I register on a DB connection as john@johngateley.com, then try to sign in at google with john.gateley@gmail.com then I know these are the same user, but Auth0 has no idea, since the email addresses are not the same.
Also, note that the registration hooks only work for DB connections.
I can think of two approaches:
- Change your app/use a rule so that your registration code is executed for new social users. You will then most likely want to use our account linking extension. This will allow users to have a username password login, or a social login, or both, possibly linked.
- Add a section to your app, probably in your “profile” page, that allows you to link a social account. Then add a rule that fails all social logins unless they are linked. This is less user-friendly and more work than approach 1.
John
1 Like
For those of you wondering if this is possible, there’s another article describing how to accomplish it: Prevent User Creation from Social Logins
1 Like