FusionAuth Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

D

Solved How to deal with sign-up spam?

Q&A
• • • dan

5

0
Votes

5
Posts

1.8k
Views

A

@dan It is like that. They use regular /oauth2/register flow to create spam accounts. Even though we deploy WAF, it usually can't catch them as they obey the rate-limits. Screenshot 2025-09-15 at 6.09.30 PM.png
A

OAuth Complete Registration functionality breaks the authorization flow after upgrading to version 1.59.1

Comments & Feedback
• • • atabakov

3

0
Votes

3
Posts

138
Views

D

FYI, this was fixed in 1.60.0, per the release notes.

In version 1.59.0 the password is now optional when creating or updating a user.

When returning from a third-party login, a user may be prompted to complete registration by entering a password when self-service is enabled and is configured to require a password.

This was unintended and has been corrected.

https://fusionauth.io/docs/release-notes/

Tracking issue: https://github.com/FusionAuth/fusionauth-issues/issues/3159

Solved How to deal with sign-up spam?

OAuth Complete Registration functionality breaks the authorization flow after upgrading to version 1.59.1