We have an influx of fake user signups come in through Google oauth. We are able to identify the bad ones with high accuracy and have a filtering Rule in place.
Unfortunately though, it seems neither Rules nor Actions allow us to run the filters PRE registration. Either two only run for username-password auths. This means while we ultimately stop the fake users from entering our app, we still have a ton of (very) expensive dead users in Auth0.
Is there a solution for this?
This is the way social connections work: Auth0 is not responsible for creating the account - that falls to Google, so there is no “pre registration” action.
There are a couple of solutions:
One - you can make the dead accounts not expensive (I am not sure why they would be expensive if they are marked as unusable).
Two - the rule that filters can also delete the account, or preferably queue the account for deletion (using some undetermined mechanism to execute the deletion).
Two makes sense. We may end up just doing that.
Not sure what you mean by the first solution. These spammers bulk purchase Gmail accounts for 1-2 cents online. We have ways to figure out which one is a bad account looking at the user and the context (the emails are pretty obvious) but they’ll still count towards MAUs as far as I understand your pricing?