That’s correct. When users sign up on your application, they are automatically logged in. This is by design and unfortunately cannot be avoided.
As a workaround, you can create a custom user registration page where you call the Authentication API’s Signup endpoint. This will create the user but not automatically log in. Using the Authentication API avoids an additional call for getting an access token to call the Management API.
Thanks for the answer Ruben. However, maybe I’m reading it wrong, but it’s not exactly what we want to do.
User will signup on a custom page on our SaaS. Then, what would be the best way for us to create the user in Auth0 and have the user already logged in in Auth0 without him needing to input email and password again in Auth0 login form?
It looks like we have a similar question asked in the Community that’s answered in this thread.
Essentially, since you will have the user’s email and password after creating the user, what you need to do is obtain an access token and send it to the client.
Please refer to the thread above and let me know if you have any questions.
Using Auth0 API Management, we add user to specific Auth0 Organization with Auth0 Management API v2
Then, on our custom signup page, using Auth0 Javascript SDK we login the user on Auth0 using auth0.webAuth.login(). It works, BUT, the user is presented with this page to authorize the app:
Yes, you can skip the consent page only for first-party applications. You can do this by going to your API settings on the dashboard and enabling the Allow Skipping User Consent option.
It’s unfortunately not possible with third-party applications as they are assumed to be untrusted.