Validation before registration of social account in Auth0

Before registration via login of social accounts in our Auth0, we need to validate whether the email exists in the Auth0 database and in our DB via API. We can already call the API in an Action, and it returns true or false depending on whether the email exists. How do we stop the registration based on a condition? Our main goal is that if the email does not exist in our Auth0 database, the email will not be added as a social account user.

Hi @dev40

As far as I know, to determine the identity of the user, Auth0 uses a unique key made of the pair of email & Connection. Connection here includes Username-Password, Google, Facebook, LinkedIn… It means that if the end-user registers with the same email but a different Connection, we consider them separate.

I used to have the same concerns as you, and tried many ways to implement this with the intention of not letting duplicate user emails happen in my application; it is really hard.

Then I found out that what we should do is not prevent it, but find a way to centralize all the same emails under the end-user, which will make our end-users happier since they can authenticate with our application any way they like, regardless of Username-Password or Social Connection.

My suggestion is to use the Account Link extension. It will detect the existing email, then handle the process of linking the existing account. Here is the post: Account Link Extension

Hope this helps.
Mj.

Hi @mj.phong ,

I am already implementing linking if the email is in our Auth0 database and the email logs in using a social account like Google.

Our flow is something like this. 1st, we register the account in the Auth0 database. These are the users who can access our app. 2nd, those users can log in using their social account like Google. If we see that the email is in the Auth0 database, we will link the social account and the Auth0 database account. If we do not see it in the Auth0 database, we should not allow the social account to be registered in Auth0.

Is the last statement possible, or could you suggest an alternative flow? We do not want to register a social account in Auth0 if it does not exist in the Auth0 database.

1 Like

Hi @dev40
Understood your expectation.

That’s exciting. Unfortunately I don’t have any implementation experience yet.

What do you think if we turn off Socials on the Sign Up? I found a solution here: Auth0 Actions

@mj.phong I tried this. The account cannot sign up, but the account is still created in Auth0. Even when just logging in, the account is created in Auth0. Do you know of any implementation in which the account is not created in Auth0 during social login?

I am thinking of a workaround: if the email is invalid but registered, I will just use the Management API to delete this user.

Hi @dev40 .

I tried to use the Pre User Registration Hook & the Whitelist of Specific Connection Rule to approach the requirement, but it does not work. The new account is still created in the database; the best thing I can do is break the authentication flow with the Rule.

Until now, your idea of using the API to delete the duplicate email + using the Whitelist Rule is the best choice.

@mj.phong yes, I read that Pre User Registration for social accounts does not work. My workaround now is that I have an Action that calls an API to validate, and if the account is invalid and still saved in Auth0, the account will be deleted in Auth0 using the Management API and the user will be denied access to our app.

1 Like
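
The workaround from the last post, sketched as a post-login Action handler (an added example, not code from the thread or from Auth0). `makeSocialGate`, `emailIsRegistered` and `deleteUser` are hypothetical names for the validation API call and the Management API delete; the example also goes beyond the thread by requiring a verified provider email, failing closed when the lookup errors, and never deleting a linked or database-backed profile.

```javascript
// Added example. makeSocialGate, emailIsRegistered and deleteUser are
// hypothetical names; wire the last two to your own API and the Management API.
const DB_STRATEGY = 'auth0'; // strategy reported for Auth0 database connections

// True only for a profile made of one non-database identity, so a linked
// or database-backed user is never a deletion candidate.
function isStandaloneSocialProfile(user) {
  const ids = user.identities || [];
  return ids.length === 1 && ids[0].provider !== DB_STRATEGY;
}

// Pure decision step: 'allow', 'deny' or 'deny_and_delete'.
// registered is true/false from the lookup, or null when the lookup failed.
function decide(event, registered) {
  if (event.connection.strategy === DB_STRATEGY) return 'allow';
  if (registered === null) return 'deny'; // fail closed, keep the profile
  const verified = Boolean(event.user.email) && event.user.email_verified === true;
  if (verified && registered) return 'allow';
  return isStandaloneSocialProfile(event.user) ? 'deny_and_delete' : 'deny';
}

// Builds the handler; in an Action, assign the result to exports.onExecutePostLogin.
function makeSocialGate({ emailIsRegistered, deleteUser }) {
  return async function onExecutePostLogin(event, api) {
    let registered = false; // a social login without an email counts as unknown
    if (event.connection.strategy !== DB_STRATEGY && event.user.email) {
      try {
        registered = (await emailIsRegistered(event.user.email)) === true;
      } catch (err) {
        registered = null; // validation API unavailable
      }
    }
    const outcome = decide(event, registered);
    if (outcome === 'allow') return outcome;
    if (outcome === 'deny_and_delete') {
      try { await deleteUser(event.user.user_id); } catch (err) { /* still deny */ }
    }
    api.access.deny('This account is not registered for this application.');
    return outcome;
  };
}

// Constructed sample event: first Google login for an address not in the database.
const sampleEvent = {
  connection: { strategy: 'google-oauth2' },
  user: { user_id: 'google-oauth2|sample-1', email: 'stranger@example.com',
          email_verified: true, identities: [{ provider: 'google-oauth2' }] },
};
```

Because the profile already exists by the time a post-login Action runs, the delete is cleanup; `api.access.deny` is what actually keeps the user out of the application.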