
prevent new social media login from specific Client

signup
social-connections
hooks

#1

Hello, I have an electron app (Client ‘SonoClipShare Uploader’) from which I’d like to completely prevent signup. The only enabled auth methods are google-oauth2 and Username-Password-Authentication. Of course I can disable Username-Password-Authentication easily through Lock, but is there a way I can prevent a new registration for a would-be google-oauth2 user? I’d like to only allow new signups from Client “SonoClipShare.com”. Here is an attempt at using a hook (modded from this thread) to achieve my goal, but it is still allowing new gmail signups from SonoClipShare Uploader while having the negative effect of blocking new Username-Password-Authentication from SonoClipShare.com. Any thoughts?

module.exports = function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};

  // Decided by connection id, not by client id
  if (context.connection.id === 'myidforsonocipshare.com') {
    // User was blocked before, allow them now
    if (user.app_metadata.restrict === true) {
      user.app_metadata.restrict = false;
      return auth0.users.updateAppMetadata(user.user_id, user.app_metadata).then(function () {
        callback(null, user, context);
      }, callback);
    }
    // Not restricted: let the login continue
    return callback(null, user, context);
  }

  // Any other connection: flag the user and reject the login
  user.app_metadata.restrict = true;
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata).then(function () {
    return callback(new UnauthorizedError('Please use the same username/password you used on SonoClipShare.com'));
  }, callback);
};

#2

EDIT: Hooks can currently only run on database connection sign-ups; they will not run on social sign-ups (e.g. Google). An approach to achieve your requirements is to have the two apps as separate clients in Auth0, then simply disable the Google connection for the client you don’t want to allow Google sign-up for.


#3

I edited my answer to show the updated code, but I am still getting gmail signups from my app. This code also blocks new Username-Password-Authentication from SonoClipShare.com.


#4

You can create a rule. Actually there’s a template for that: “Disable social signups”. Once in the rule code, you can customize the CLIENTS_ENABLED variable to disable signup based on that.

Here is the rule code:

function (user, context, callback) {

  var CLIENTS_ENABLED = ['REPLACE_WITH_YOUR_CLIENT_ID'];
  // run only for the specified clients
  if (CLIENTS_ENABLED.indexOf(context.clientID) === -1) {
    return callback(null, user, context);
  }

  // initialize app_metadata
  user.app_metadata = user.app_metadata || {};

  // if it is the first login (hence the `signup`) and it is a social login
  if (context.stats.loginsCount === 1 && user.identities[0].isSocial) {

    // turn on the flag
    user.app_metadata.is_signup = true; 

    // store the app_metadata
    auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
      .then(function(){
        // throw error
        return callback('Signup disabled');
      })
      .catch(function(err){
        callback(err);
      });

    return;
  } 

  // if flag is enabled, throw error
  if (user.app_metadata.is_signup) {
    return callback('Signup disabled');
  }

  // else it is a non social login or it is not a signup
  callback(null, user, context);
}
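The rule above has three outcomes (not in the enabled client list, first social login, later login of a user already flagged) and it is easy to get one of them wrong when editing CLIENTS_ENABLED. The following is an added example, not code from the thread or from Auth0: a small offline harness that reimplements the template's logic as a factory, stands in a fake `auth0.users.updateAppMetadata` that persists `app_metadata` in memory, and runs the scenarios from the question (Google and username/password first logins through the Uploader client, a flagged Google user logging in again, and a Google signup through the website client). The client IDs, user IDs and the `makeFakeAuth0`, `makeDisableSocialSignupRule`, `runRule` and `runScenarios` helpers are all constructed here and are not Auth0 APIs.

```javascript
// Added example: offline harness for the "Disable social signups" rule logic.
// `auth0`, the client IDs and the user records are stand-ins constructed here.

// Stand-in for the `auth0` global a rule receives; stores app_metadata per user_id
// so a later login in the same run sees the flag the earlier login persisted.
function makeFakeAuth0(store) {
  return {
    users: {
      updateAppMetadata: function (userId, appMetadata) {
        store[userId] = Object.assign({}, appMetadata);
        return Promise.resolve();
      },
    },
  };
}

// Rule factory: same branches as the template, parameterised on the client list
// and on the auth0 stand-in (in a real rule both are globals).
function makeDisableSocialSignupRule(clientsEnabled, auth0) {
  return function (user, context, callback) {
    // run only for the specified clients
    if (clientsEnabled.indexOf(context.clientID) === -1) {
      return callback(null, user, context);
    }
    user.app_metadata = user.app_metadata || {};
    // first login and social identity: persist the flag, then reject
    if (context.stats.loginsCount === 1 && user.identities[0].isSocial) {
      user.app_metadata.is_signup = true;
      auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
        .then(function () { return callback('Signup disabled'); })
        .catch(function (err) { callback(err); });
      return;
    }
    // flag set on an earlier attempt: keep rejecting
    if (user.app_metadata.is_signup) {
      return callback('Signup disabled');
    }
    callback(null, user, context);
  };
}

// Run the rule once and resolve to { allowed, error } instead of using the callback.
function runRule(rule, user, context) {
  return new Promise(function (resolve) {
    rule(user, context, function (err) {
      resolve({ allowed: !err, error: err || null });
    });
  });
}

// Constructed placeholders, not real Auth0 client IDs.
var UPLOADER_CLIENT = 'client_uploader_placeholder';
var WEBSITE_CLIENT = 'client_website_placeholder';

function makeUser(userId, isSocial, appMetadata) {
  return {
    user_id: userId,
    identities: [{ isSocial: isSocial, provider: isSocial ? 'google-oauth2' : 'auth0' }],
    app_metadata: appMetadata,
  };
}

function makeContext(clientID, loginsCount) {
  return { clientID: clientID, stats: { loginsCount: loginsCount } };
}

// Walk through the scenarios from the thread; returns scenario -> allowed (boolean).
async function runScenarios() {
  var store = {};
  var rule = makeDisableSocialSignupRule([UPLOADER_CLIENT], makeFakeAuth0(store));
  var results = {};
  var r;

  // 1. First Google login through the Uploader client: blocked, flag persisted.
  r = await runRule(rule, makeUser('google-oauth2|1', true, undefined), makeContext(UPLOADER_CLIENT, 1));
  results.socialSignupUploader = r.allowed;

  // 2. Same Google user tries again (loginsCount is now 2): still blocked via the stored flag.
  r = await runRule(rule, makeUser('google-oauth2|1', true, store['google-oauth2|1']), makeContext(UPLOADER_CLIENT, 2));
  results.socialRepeatUploader = r.allowed;

  // 3. First username/password login through the Uploader client: allowed.
  r = await runRule(rule, makeUser('auth0|2', false, undefined), makeContext(UPLOADER_CLIENT, 1));
  results.databaseSignupUploader = r.allowed;

  // 4. First Google login through the website client: not in the list, allowed.
  r = await runRule(rule, makeUser('google-oauth2|3', true, undefined), makeContext(WEBSITE_CLIENT, 1));
  results.socialSignupWebsite = r.allowed;

  return results;
}

runScenarios().then(function (results) { console.log(results); });
```

Scenario 2 is the reason the template stores `is_signup` at all: the user record is created by the first social login even though the rule rejects it, and `loginsCount` is no longer 1 on the next attempt, so only the persisted flag keeps that account blocked.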
