We’re using a pre-user registration hook to allow sign-ups only from pre-approved domains but we also have manually-created accounts that don’t match the pre-approved domains.
This shouldn’t be a problem as the pre-user registration hook should only run for new accounts but it seems to run every time anyone triggers the passwordless login flow.
Existing accounts shouldn’t trigger this hook and just go straight through the login process.
Is this a known bug?
Is it necessary to tell our action to access the management API and look up whether the user already exists? That seems like overkill for something fairly basic.
Anyone know how to go around this?