Any check if user/email exists with auth0.js?

I have searched the api for reference in auth-0.js for any reference on check if exists, the closest thing I found was checksession, but really wanted to ask if anyone knows!

@christopher.eugene.r can you elaborate more on what you mean by check if exists? If you referring to check whether the session exists that is the only non-deprecated option we have today.

@sgmeyer if username and email exists.

@christopher.eugene.r we do not have an endpoint that doesn’t require an access_token that will allow you to check this information. At Auth0 we do not like having a publicly exposable endpoint allowing you to check user existence. This would allow a user to discover all your users’ emails. The only way you can get this information is trying to register a user that already exists.

You could, with a token, call the users-by-email endpoint to check if a user exists by email:

or user search endpoint for username:

@sgmeyer Thank you for response. I would plan to do that with a backend call to do this then. Any tutorials on how to do backend calls with that api route?

@christopher.eugene.r here are a couple docs you will need:

  1. How to setup the client_credentials application using the dashboard: Update Grant Types

  2. How to initiate a client_credentials call. This will be used for your back-end server application to fetch a token for itself.

The docs for the #2 contains a link to a github repo that has a sample server side + api application. These docs should give you everything you need to know how to setup the pieces you need.

@sgmeyer Thank you for this. So to make this happen, I have to request a token for every request I make, then i put a bearer in body for each call of resources I want?

@christopher.eugene.r you do not have to do a client_credential call for each request you make. You can retrieve a token, cache that token for the application, and then use that token as an authorizaiton header each time you call the API:

Authorization: Bearer xxx.yyy.zzz

If you wanted to fetch a token you could everytime, but this is really unnecessary and it can be cached since those tokens are good for some time (also configurable). Since this is a client_credential call that token is good for the application and not a specific user.

@sgmeyer I found this one that helps me a lot with all mentioned above, its complex to start from scratch.

I do have a question about it. Does this do the work for me in this code, so I do not need to put bearer into request body after I validate?

@christopher.eugene.r this is a mono repo that has some examples of how to do client_credentials. This is a very straight forward and simple flow. There are many Auth0 SDKs in various languages that can do this with minimal effort. If you select and Auth0 SDK it will abstract away any details of how to add an authorization header and it will also give you handy methods for client credential call. You do not need to do the raw HTTP request on your own.

Have you looked into any of our SDKs in the language/framework you are developing in?