Social Auth User Account Matching

Q: Once our realm is setup to support social login (ex: Google), does every logged in and authenticated Google account automatically create an AuthRocket user?


A: Yes, as part of the matching process, if a user with a matching email cannot be found, AuthRocket creates a new user, creates a login session, and passes a login token to your login handler.

In the event that an unknown (and potentially unwanted) user performs a social login, there are a couple ways you could handle it:

a) Direct them into your registration process, possibly skipping setting a password. If they don’t complete this within a reasonable time, either delete the User from AuthRocket or even just leave the account there and restart the registration process again if/when they return.

b) Display an error message, potentially with a link to your normal signup, and immediately delete the User.

Tagged with: social auth users

Questions? Find a Typo? Get in touch.