allow users to register for any application but not create user accounts
-
I want to allow users to freely be registered to any number of applications simply by logging in, but not be able to use the self-service registration form to create user accounts (so I don't want them to be able to use the self-service registration form provided by the hosted login pages).
I'll create all user accounts using the User API.
Is there any way to do this?
Inspired by this GitHub issue.
-
This is possible in a couple of ways.
First, to allow users to register for an application on login, you need to turn on self-service registration. From the docs:
> When you enable self-service registration for an application and a user who does not have a registration for that application successfully logs in to that application, the user will automatically be registered for that application, and have a registration added.
Then the question becomes, how can you disable the hosted login pages self-service registration form?
To do so, take the following steps:
- update your theme to remove the "Don't have an account? Create one" link from any pages, including the login page. You can also remove all the content from the registration themed page and replace it with "not implemented" or similar. However, a sinister user may still be able to post to the register endpoint and create a user
- if you are self-hosting, block access to the /register endpoint using a proxy
- if you are not self-hosting, prevent self-service registration by adding an encrypted secret value to all user accounts you create via the API. Then, create a self-service registration validation lambda which will examine the user object. If the user object comes through without the secret value, fail the registration. Otherwise allow it through because it is a user who has logged in.

The self-service lambda may not fire unless there are required fields on the registration form, but that behavior is undocumented and may change.
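One way to write the validation lambda described in the answer above (an added example, not part of the original answer and not the product's own code). The `validate(result, user, registration, context)` signature, the `result.errors.generalErrors` list, storing the value under `user.data`, and the field name and marker value are all assumptions to check against your version's lambda documentation.

```javascript
// Hypothetical field name and constructed sample value; in practice the marker is
// the unguessable secret value written to every account created through the API.
const PROVISIONING_FIELD = 'provisioningMarker';
const EXPECTED_MARKER = 'constructed-sample-marker-not-a-real-secret';

// Compare two strings without stopping at the first mismatch.
function constantTimeEquals(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) {
    // charCodeAt past the end yields NaN, which is treated as 0 here.
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Assumed lambda entry point: fail the registration unless the user object
// already carries the marker, i.e. the account was created via the API.
function validate(result, user, registration, context) {
  const data = (user && typeof user.data === 'object' && user.data) || {};
  if (!constantTimeEquals(data[PROVISIONING_FIELD], EXPECTED_MARKER)) {
    result.errors = result.errors || {};
    result.errors.generalErrors = result.errors.generalErrors || [];
    result.errors.generalErrors.push({
      code: '[SelfServiceAccountCreationDisabled]', // hypothetical error code
      message: 'Account creation through this form is disabled.'
    });
  }
}

// Local harness (not part of the lambda): returns how many errors a user object triggers.
function errorsFor(user) {
  const result = { errors: { fieldErrors: {}, generalErrors: [] } };
  validate(result, user, {}, {});
  return result.errors.generalErrors.length;
}

// Constructed sample users: one created via the API, one posted to the form.
const apiCreated = { email: 'a@example.com', data: { provisioningMarker: EXPECTED_MARKER } };
const formPosted = { email: 'b@example.com' };
console.log(errorsFor(apiCreated), errorsFor(formPosted));
```

Keep the marker field out of every registration form definition, since a value the form can submit no longer distinguishes API-created accounts.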