What is the preferred way to prevent people from signing up twice using known alias patterns like Gmail’s plus sign (for example signing up as firstname.lastname@example.org, then as email@example.com, then as firstname.lastname@example.org)? I can of course detect this in my own API, but it would be nice if Auth0 could do this for me, avoiding duplicate user rows in the Auth0 database.
Aliases can be exploited, for example when it comes to free trial periods or user invitations/referrals/rewards for referrals (ref Feedback Opportunity: Enabling User Invitation).
I guess there is no way to detect that someUsername1@someDomain.com is an alias for someUsername2@someDomain.com. But at least Gmail’s plus-sign aliases are easily detectable, and it can potentially fill up the app’s Auth0 quota if exploited.
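
The detection the question describes doing in your own API, sketched as an added example (not part of the original post and not Auth0 code): compute a comparison key per address and flag signups whose key has already been seen. The names `PROVIDER_RULES`, `canonicalEmail` and `findAliasSignups` are hypothetical; the rules assume Gmail's behaviour of ignoring `+tag` suffixes and dots and treating `googlemail.com` as `gmail.com`, and lowercasing other addresses is an assumed policy.

```javascript
// Per-provider alias rules (hypothetical table; extend only for providers you have verified).
const PROVIDER_RULES = {
  'gmail.com':      { stripPlus: true, stripDots: true, domain: 'gmail.com' },
  'googlemail.com': { stripPlus: true, stripDots: true, domain: 'gmail.com' },
};

// Returns a key used only for duplicate comparison; keep the original address for delivery.
function canonicalEmail(raw) {
  const email = String(raw).trim().toLowerCase(); // assumed policy: case-insensitive compare
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null; // no local part or no domain
  let local = email.slice(0, at);
  let domain = email.slice(at + 1);
  const rule = PROVIDER_RULES[domain];
  if (rule) {
    if (rule.stripPlus && local.includes('+')) local = local.slice(0, local.indexOf('+'));
    if (rule.stripDots) local = local.replace(/\./g, '');
    domain = rule.domain;
  }
  return local ? `${local}@${domain}` : null; // e.g. "+tag@gmail.com" leaves nothing usable
}

// Walks signups in order and reports each address that collides with an earlier one.
function findAliasSignups(emails) {
  const firstSeen = new Map(); // canonical key -> first address that produced it
  const duplicates = [];
  for (const email of emails) {
    const key = canonicalEmail(email);
    if (key === null) continue; // malformed input is a validation problem, not an alias
    if (firstSeen.has(key)) duplicates.push({ email, aliasOf: firstSeen.get(key) });
    else firstSeen.set(key, email);
  }
  return duplicates;
}

// Constructed sample signups (not real accounts).
const SAMPLE_SIGNUPS = [
  'jane.doe@gmail.com',
  'jane.doe+trial2@gmail.com',  // plus-sign alias of the first
  'JaneDoe@googlemail.com',     // dot/case/domain variant of the first
  'jane.doe+promo@example.org', // unknown provider: left as a distinct address
  'jane.doe@example.org',
];
```

Storing the key in an indexed, unique column alongside the original address lets the signup path reject a collision with a single lookup.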