Crappy workaround to limit client side account creation. Is there a better way?

  • Accounts
memoonlite
15 Feb, 2024, 13:35

Good afternoon/morning/evening! 🌞

In my project (client side) I use the Account API to create a session by using the Account.createEmailSession() method, and also I use JWT for other parts.

This works fine. A (for me) nasty side effect however is that it also allows users to use the Account.create() method. I prefer to handle account creation from a cloud function because I set additional parameters in a document as well. So the cloud function is where I use Account.create() and the additional parameters, in one go.

From a previous post I learned (thanks for that!) that it’s possible to disable individual services for the client side: https://discord.com/channels/564160730845151244/1206570351547392050

So I thought of disabling the Account API for the client. However, this of course not only disables Account.create() but also Account.createEmailSession(). I still need createEmailSession() for users to log in.

As a workaround I decided to set Users limit to 1 (I'd like to set it to 0, but that's not possible, so setting it to 1 is the way to go). That way I can still use createEmailSession(), but stop users from calling create() from the client side since the user limit is hit.

I was wondering, this workaround seems to work fine, but it feels like a crappy one. Does anyone know if there's a better way of achieving this?

Honestly I'd still like to disable the Account API for the client completely, because I don't want users to be able to call updatePhone() for example, but I can't think of a workaround for using Account.createEmailSession() without using the Account API.

TL;DR
Hey developers! 👋 I have a crappy workaround for limiting client-side account creation using the Account API. I discovered that disabling individual services for the client side won't work because it disables both Account.create() and Account.createEmailSession(). So, my workaround is to set the user limit to 1, which prevents users from calling create() on the client side. However, this feels like a crappy solution and I'm wondering if there's a better way to achieve this. I still want to disable the Account API completely on the client side but need to use createEmailSession(). Any suggestions?