diff --git a/app/Http/Controllers/OauthController.php b/app/Http/Controllers/OauthController.php
index 5b17fe926..9569e8cfa 100644
--- a/app/Http/Controllers/OauthController.php
+++ b/app/Http/Controllers/OauthController.php
@@ -2,8 +2,10 @@
 
 namespace App\Http\Controllers;
 
+use App\Models\InstanceSettings;
 use App\Models\User;
 use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 
 class OauthController extends Controller
 {
@@ -20,6 +22,11 @@ public function callback(string $provider)
             $oauthUser = get_socialite_provider($provider)->user();
             $user = User::whereEmail($oauthUser->email)->first();
             if (! $user) {
+                $settings = InstanceSettings::get();
+                if (! $settings->is_registration_enabled) {
+                    abort(403, 'Registration is disabled');
+                }
+
                 $user = User::create([
                     'name' => $oauthUser->name,
                     'email' => $oauthUser->email,
@@ -31,7 +38,9 @@ public function callback(string $provider)
         } catch (\Exception $e) {
             ray($e->getMessage());
 
-            return redirect()->route('login')->withErrors([__('auth.failed.callback')]);
+            $errorCode = $e instanceof HttpException ? 'auth.failed' : 'auth.failed.callback';
+
+            return redirect()->route('login')->withErrors([__($errorCode)]);
         }
     }
 }