Validate and Block Social Login If User Email Address already exists and not verified

Users can register and login on our platform directly with email address or via sso login . We need to deny SSO login for a user if the email address already exists and not verified in auth0 (No account linkage) using Actions. I have read through the proposition from this but want to know if there exists a better flow.

Hi @dayocodes,

Welcome to Auth0 Community!

You should be able to accomplish this use case using Actions. For social connections, the pre-registration and post-registration Actions do not run, so you would need to use the post-login Action, and you would want to make sure it is the user’s first time logging in by using event.stats.logins_count === 1.

From there you can do a user search for the same email and if email_verified is false, and if so you can then deny access and delete the account.

Here is an example of what the Action could look like:

exports.onExecutePostLogin = async (event, api) => {
  if(event.stats.logins_count != 1){return;}
  const ManagementClient = require('auth0').ManagementClient;
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,

  const params = {
    search_engine: 'v3',
    q: `email:"${}" AND email_verified:false`

  try {
    const users = await management.getUsers(params);
    if (users.length > 0) {
      management.users.delete({ id: event.user.user_id });
      api.access.deny('duplicate_email', 'You already have an account with a Database Connection, and the email is not verified yet');
  } catch (e) {
    // Handle error

Hope this helps!


1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.