Restrict certain emails to only Social Login


I’m trying to restrict certain domains to only signup/login using social login. For example, if a user with an email “” tries to signup/login using the email, and password boxes, the access should be denied since this user should only be able to login using the Social Login option in my App.

Hey there @pipeabellos welcome to the community!

You should be able to implement this with a pre user registration action wherein you use api.access.deny to deny the registration. You’ll have the user context as well details about the connection used in the event object. There’s an example of denying a registration (different criteria) in the blog post below:

Alternatively, you could just forego having a database connection altogether:

Hope this helps!

Thank you @tyf ! I’m not that technical so I can’t write the code by myself. Do you have any examples on how this action must be written?

No problem, happy to help!

It really depends on your specific use case - It may be easier to just forego having a database (username/password) connection altogether. This way only the Social providers will be displayed to the user. However, if you do have a db connection for other users your action might look like:

exports.onExecutePreUserRegistration = async (event, api) => {
  //using this logic for a specific app/client_id
  if (event.client.client_id === `YOUR_CLIENT_ID`) {
    //check if the user is attempting to register with a specific domain
      if ("@exampledomain")) {
      const LOG_MESSAGE = "Registration denied"
      const USER_MESSAGE = "Registration denied - Please login using Google"
      api.access.deny(LOG_MESSAGE, USER_MESSAGE)

This would result in the following:

This is just a quick example I’ve thrown together :slight_smile: You’ll definitely want to run this by someone on your end with technical experience, but hope this helps!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.