Auth0 Home Blog Docs

Why do Signup-Only Applications allow signups from different emails than the one sent the password set link?


I have a sign-up only application that follows the Auth API flow outlined in Auth0 docs. My system depends on the email of the new user matching the one I sent an invite to, but it looks like Auth0 is allowing signups from different email addresses for the same person who got the link. Is there a way to prevent this so that only the email address to which I’ve sent the password reset link is allowed to signup?