Enforce terms consent for social login via lock

heike · December 16, 2018, 10:35pm

This has been asked before: Difference between login & signup for social? but now since GDPR is in place I would like to ask it again:

I am using lock v11 to let users register and login via database, facebook and google. For the registration I have added a checkbox with the text “I accept the usage terms detailed in (link)” and added

mustAcceptTerms: true

to the lock options. Therfore, only after checking this box, registration can be completed using any of the three methods, since before checking e.g. the facebook and google buttons are disabled.

However, nothing stops users to directly login without registration if they use social login. Only the users with database login need to register and thus need to check the “accept terms” box.

Since explicit acceptance of terms is legally required in many cases, the current solution seems incomplete. Could an improved lock be provided that prevents social login unless the users has checked an “accept terms” check box?

markd · December 23, 2018, 1:51pm

Hello @heike,

An immediate solution to this problem is to create a rule that checks for T&Cs acceptance. Add a rule that implements the logic:

if app_metadata.terms_accepted = false:
    display T&Cs popup

system · February 11, 2019, 5:44pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

mathiasconradt · March 19, 2020, 8:33am

Updating this older post, but since it was referenced from a post today, see: