Q: Once our realm is setup to support social login (ex: Google), does every logged in and authenticated Google account automatically create an AuthRocket user?
A: Yes, as part of the matching process, if a user with a matching email cannot be found, AuthRocket creates a new user, creates a login session, and passes a login token to your login handler.
In the event that an unknown (and potentially unwanted) user performs a social login, there are a couple ways you could handle it:
a) Direct them into your registration process, possibly skipping setting a password. If they don’t complete this within a reasonable time, either delete the User from AuthRocket or even just leave the account there and restart the registration process again if/when they return.
b) Display an error message, potentially with a link to your normal signup, and immediately delete the User.
Tagged with: social auth users
Questions? Find a Typo? Get in touch.