Users can register and log in on our platform directly with an email address or via SSO login. We need to deny SSO login for a user if the email address already exists and is not verified in Auth0 (no account linkage) using Actions. I have read through the proposition from this but want to know if there exists a better flow.
Hi @dayocodes,
Welcome to Auth0 Community!
You should be able to accomplish this use case using Actions. For social connections, the pre-registration and post-registration Actions do not run, so you would need to use the post-login Action, and you would want to make sure it is the user's first time logging in by using event.stats.logins_count === 1.
From there you can do a user search for the same email and check whether email_verified is false; if so, you can then deny access and delete the account.
Here is an example of what the Action could look like:
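```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Only check on the user's first login.
  if (event.stats.logins_count !== 1) { return; }
  // Without an email on the profile there is nothing to search for.
  if (!event.user.email) { return; }

  const ManagementClient = require('auth0').ManagementClient;
  // Management API credentials are read from the Action's secrets.
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
  });

  // Look for accounts with the same email whose email is not verified.
  const params = {
    search_engine: 'v3',
    q: `email:"${event.user.email}" AND email_verified:false`
  };

  try {
    const users = await management.getUsers(params);
    // Ignore the account that is logging in; the search can return it too.
    const others = users.filter((u) => u.user_id !== event.user.user_id);
    if (others.length > 0) {
      // Await the deletion so it completes before the Action returns.
      await management.users.delete({ id: event.user.user_id });
      api.access.deny('duplicate_email', 'You already have an account with a Database Connection, and the email is not verified yet');
    }
  } catch (e) {
    console.log(e);
    // Handle error
  }
};
```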
Hope this helps!
Thanks,
Dave
1 Like
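Added example, not part of the original reply and not Auth0's own code: the deny decision from the Action above pulled out into a pure function so it can be tested offline, including the case where the search returns the user who is logging in. `emailQuery`, `decideSsoLogin`, `makeEvent` and the sample records are hypothetical; counting only `auth0|` user IDs as database accounts is an assumption.

```javascript
// Added example. emailQuery and decideSsoLogin are hypothetical helpers, not Auth0 APIs.

// Build the search query, escaping characters that would end the quoted term.
function emailQuery(email) {
  const escaped = email.replace(/(["\\])/g, '\\$1');
  return `email:"${escaped}" AND email_verified:false`;
}

// event: the post-login fields used above; candidates: users the search returned.
function decideSsoLogin(event, candidates) {
  const { user, stats, connection } = event;
  if (stats.logins_count !== 1) return { deny: false, why: 'returning user' };
  if (connection.strategy === 'auth0') return { deny: false, why: 'database login' };
  if (!user.email) return { deny: false, why: 'no email on profile' };

  const email = user.email.toLowerCase();
  const conflicts = candidates.filter((u) =>
    u.user_id !== user.user_id &&              // the search can return the new user itself
    u.user_id.startsWith('auth0|') &&          // assumption: database accounts only
    (u.email || '').toLowerCase() === email && // re-check the match locally
    u.email_verified === false);
  return conflicts.length > 0
    ? { deny: true, why: 'unverified database account', deleteUserId: user.user_id }
    : { deny: false, why: 'no conflict' };
}

// Constructed sample data.
const dbUnverified = { user_id: 'auth0|111', email: 'Sam@Example.com', email_verified: false };
const makeEvent = (id, email, strategy, logins) => ({
  user: { user_id: id, email }, stats: { logins_count: logins }, connection: { strategy },
});
const social = makeEvent('google-oauth2|9', 'sam@example.com', 'google-oauth2', 1);
const selfHit = { user_id: 'google-oauth2|9', email: 'sam@example.com', email_verified: false };

console.log(emailQuery(social.user.email));
console.log(decideSsoLogin(social, [dbUnverified, selfHit])); // deny
console.log(decideSsoLogin(social, [selfHit]));               // allow: only matched itself
```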