Social Logins: Create Accounts only For Paid Members

I’m keen to use Auth0 but I wondered if there was a way to restrict the creation of user accounts to users who are only going to pay a subscription fee.

A ‘normal’ signup/purchase flow would go something like:

  1. Login via Auth0 using Social provider
  2. Do Stripe/PayPal/etc purchase flow
  3. Store user subscription
  4. Provide content to user based on subscription

I’m concerned that using this method I will get spammed by a lot of non paying accounts, e.g. bots that login using fake/spam accounts and then don’t go any further or users who login and then don’t purchase anything.

These ‘spam’ accounts will then be counted as part of my active user limit and will either cost me more money as I will be forced to up my subscription package or worse will prevent ‘real’ paying subscribers from logging in when I hit my subscription limit.

Is there a way I can disable these user accounts after they’ve failed to purchase anything so they don’t count as part of my active subscriptions limit?

  - OR -

Is there an alternative signup/payment flow I can use that would prevent user accounts from being created until a purchase has been completed?

Thanks in advance.

I don’t see a good way to avoid the initial spam login (though I would assume it’s harder for bots anyway to do social logins such as FB or Google than regular username/password signups or logins), because when logging in with a Social Provider, the first time you can interact, hooking in the Stripe/Paypal flow, would be within the Auth0 Rule engine, which comes after the user has authenticated.

However, note regarding:

These ‘spam’ accounts will then be counted as part of my active user limit and will either cost me more money as I will be forced to up my subscription package or worse will prevent ‘real’ paying subscribers from logging in when I hit my subscription limit.

Unless they log in again in the next month, such non-active users won’t count against the Monthly Active Users (MAU) for the next month if they don’t log in again during the next month.

You could also run scheduled tasks to clean up the user base after x days or so, removing users who haven’t purchased anything (which you could store as a flag in a user’s metadata, or app_metadata to be precise).

Also note that there’s no hard limit/blocker when you reach the subscription limit. That’s a soft limit.
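As an added illustration of the scheduled cleanup suggested above (example code, not from the thread or from Auth0): a job that selects social-login accounts older than a grace period with no purchase flag in app_metadata and deletes them. The flag name (app_metadata.subscription.status), the grace period, and the Management API search syntax are assumptions; listUsers and deleteUser are injected so the job can run against a real Management API client or, as here, against in-memory fakes.

```javascript
// Added example: nightly cleanup of accounts that never completed a purchase.
// Assumes the purchase flow sets app_metadata.subscription = { status: "active" }
// (flag name is an assumption, not an Auth0 convention).
const GRACE_DAYS = 7; // assumed grace period before an unpaid account is removed
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Decide whether one Auth0 user record is an unpaid account old enough to delete.
function isStaleUnpaid(user, now = new Date(), graceDays = GRACE_DAYS) {
  const sub = user.app_metadata && user.app_metadata.subscription;
  if (sub && sub.status === "active") return false; // paying member, keep
  const created = new Date(user.created_at);
  if (Number.isNaN(created.getTime())) return false; // malformed record, leave for review
  return now - created >= graceDays * MS_PER_DAY;
}

// Lucene-style query for the Management API user search (v3) so the job only pages
// through candidates, not paying members. Syntax assumed from Auth0 docs; verify it.
function staleUnpaidQuery(now = new Date(), graceDays = GRACE_DAYS) {
  const cutoff = new Date(now - graceDays * MS_PER_DAY).toISOString();
  return `NOT app_metadata.subscription.status:"active" AND created_at:[* TO ${cutoff}]`;
}

// listUsers(query) -> Promise<user[]>, deleteUser(userId) -> Promise<void>.
async function cleanupUnpaidUsers({ listUsers, deleteUser }, now = new Date(), graceDays = GRACE_DAYS) {
  const candidates = await listUsers(staleUnpaidQuery(now, graceDays));
  const removed = [];
  for (const user of candidates) {
    // Re-check each record locally: the search index alone is not enough before a destructive call.
    if (!isStaleUnpaid(user, now, graceDays)) continue;
    await deleteUser(user.user_id);
    removed.push(user.user_id);
  }
  return removed;
}

// Constructed sample records in the shape the Management API returns.
const SAMPLE_USERS = [
  { user_id: "google-oauth2|1", created_at: "2024-01-01T00:00:00.000Z", app_metadata: { subscription: { status: "active" } } },
  { user_id: "facebook|2", created_at: "2024-01-01T00:00:00.000Z" },
  { user_id: "google-oauth2|3", created_at: "2024-01-10T00:00:00.000Z", app_metadata: {} },
];
```

Users who are merely unpaid but still inside the grace period, and any record with an unparseable created_at, are left alone so the job never deletes a paying member because of a bad index hit.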