Prevent oauth accounts from signing up under specific conditions

:wave: community.

We have an influx of fake user signups come in through Google oauth. We are able to identify the bad ones with high accuracy and have a filtering Rule in place.

Unfortunately though, it seems neither Rules nor Actions allow us to run the filters PRE registration. Either two only run for username-password auths. This means while we ultimately stop the fake users from entering our app, we still have a ton of (very) expensive dead users in Auth0.

Is there a solution for this?

Hi @ab-121

This is the way social connections work: Auth0 is not responsible for creating the account - that falls to Google, so there is no “pre registration” action.

There are a couple of solutions:

One - you can make the dead accounts not expensive (I am not sure why they would be expensive if they are marked as unusable).

Two - the rule that filters can also delete the account, or preferably queue the account for deletion (using some undetermined mechanism to execute the deletion).


Hi @john.gateley!

Two makes sense. We may end up just doing that.

Not sure what you mean by the first solution. These spammers bulk purchase Gmail accounts for 1-2 cents online. We have ways to figure out which one is a bad account looking at the user and the context (the emails are pretty obvious) but they’ll still count towards MAUs as far as I understand your pricing?