webAuth.signup does not detect email conflicts when an existing user was created through a social identity provider


I’m currently encountering a weird edge case that I’m hoping someone might be able to shed some light on. My current application allows for Social Sign-on with Google & GitHub, as well as a customized form to sign up using the auth0js WebAuth configuration. I have existing rules set up that will normalize emails & merge profiles that match email addresses, but I’ve noticed a very unique edge case that I can’t seem to resolve with rules or hooks, and I’m honestly not sure why I’m encountering it.

The bug is as follows:

  1. A user signs up using a Social Identity Provider (Google)
  2. Once their account is created, a user navigates back to the Sign-up page to create a new user using the form this time. They submit the request using the same email address as the one they used for their Google sign-up, and are returned the new profile rather than the user that was merged into the existing one.

I’ve tried creating rules & hooks to resolve this, but each seems limited in its own way. One solution I tried to implement was a pre user registration rule to check to see if the user exists in the database (calling the /api/v2/users-by-email) from a hook, but I don’t have access to the auth0.accessToken here. Would anyone happen to have experienced this / have any thoughts on how to resolve this? I’m not sure why Auth0 isn’t automatically detecting email collisions at the outset of the request like it would if a user tried signing up through the form twice in a row.
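
One way to run the `/api/v2/users-by-email` check described in the post without `auth0.accessToken`, shown as an added example that is not part of the original post: the code obtains its own Management API token through the client-credentials grant, then reports which non-database identities already own the email. The `cfg` fields, the function names, the connection name and the sample data are assumptions made for illustration.

```javascript
// Added example. Assumes Node 18+ (global fetch) and a machine-to-machine
// application authorized for the Management API with the read:users scope.
const DB_CONNECTION = 'Username-Password-Authentication'; // assumed name

// Constructed sample of a users-by-email response (not real data).
const SAMPLE_USERS = [{ user_id: 'google-oauth2|000', email: 'user@example.com',
  identities: [{ provider: 'google-oauth2', connection: 'google-oauth2' }] }];

// Client-credentials grant: the hook mints its own Management API token.
async function getManagementToken(cfg, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${cfg.domain}/oauth/token`, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'client_credentials',
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret,
      audience: `https://${cfg.domain}/api/v2/`,
    }),
  });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token;
}

// Pure decision: providers that already hold this email outside the
// connection the signup form writes to.
function conflictingProviders(users, signupConnection = DB_CONNECTION) {
  const providers = new Set();
  for (const user of users) {
    for (const id of user.identities || []) {
      if (id.connection !== signupConnection) providers.add(id.provider);
    }
  }
  return [...providers].sort();
}

// Look the email up (lower-cased and trimmed first) and decide.
async function checkSignupEmail(email, cfg, fetchImpl = fetch) {
  const token = await getManagementToken(cfg, fetchImpl);
  const url = `https://${cfg.domain}/api/v2/users-by-email?email=` +
    encodeURIComponent(email.trim().toLowerCase());
  const res = await fetchImpl(url, { headers: { authorization: `Bearer ${token}` } });
  // Throw on failure so the caller can refuse the signup instead of skipping the check.
  if (!res.ok) throw new Error(`users-by-email failed: ${res.status}`);
  const providers = conflictingProviders(await res.json());
  return { allowed: providers.length === 0, providers };
}
```

Keep `clientSecret` out of source control and grant the application only `read:users`, since the token it obtains can read every user profile in the tenant.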