We would like to inhibit an attacker from obtaining a list of our users. Unfortunately the signup functionality on the auth0 database connection returns a particular error code
user_exists when the user already exists. This allows an attacker to identify users by attempting to signup.
We would like to suppress this error response for all situations where the signup is not allowed (e.g. because a pre-registration hook has prevented signup, or because the user already exists or etc).
Is this possible?