We currently use universal login, which allows the user to switch to create account even if we start them in the login flow.
To be able to enforce iOS app age verification only when creating an account, we need to know when a user goes to the create an account flow. We cannot allow the user to transparently go from the login flow to account creation.
Is it possible to use the Auth0 universal login flow and disable the create account option so that it does not appear, and have a separate flow initiated by the app that only allows account creation but not login?
Or is the only solution to create a native UI for login and account creation and use the Resource Owner Password Flow?
I understand that you are looking to use Universal Login, but disable the account creation option and direct any signup requests through a separate flow.
Allow me to share some steps that should allow you to obtain the desired flow:
Disable the Sign-Up option: In your Auth0 Dashboard, navigate to Authentication > Database, select your database connection (Username-Password-Authentication as an example), then scroll down and enable the "Disable Sign Ups" option. This will remove the “Don’t have an account? Sign up” link from the Universal Login.
Configure a second Database that handles Sign-up:
Create a second Database Connection in Auth0 (e.g., App-Signup-Connection). Keep Disable Sign Ups turned off for this second connection.
In your Auth0 App settings, enable both connections for your iOS application.
For standard Login: Initiate your authorization request and specify the database connection containing your registered users:
    Auth0
        .webAuth()
        .parameters(["connection": "Username-Password-Authentication"])
        .start { result in ... }
For App-Initiated Signup (with Age Verification): Perform your age verification natively in iOS. Once verified, redirect the user to Auth0 with the screen_hint and connection parameter targeted specifically at the sign-up database:
    Auth0
        .webAuth()
        .parameters([
            "screen_hint": "signup",
            "connection": "App-Signup-Connection"
        ])
        .start { result in ... }
Please do keep in mind that Auth0 does not recommend using the Resource Owner Password Flow due to security risks and feature limitations.
The following documentation should prove useful for configuring the overall process:
I’ve prototyped this. It doesn’t look like it works. The two database connections end up with two different databases. If the user signs up with “App-Signup-Connection” and then tries to log in with “Username-Password-Authentication”, it will always fail to log in because the user was created with the App-Signup-Connection and the Username-Password-Authentication does not have access to those users.
Is there some configuration option to relate the two database connections so that they share the same user accounts?