With Lock, is there any difference between what happens when someone logs in with a social connection versus when they ‘sign up’ with a social login?
There is some difference from a UI perspective; for example, if you configure Lock latest with mustAcceptTerms enabled and then go to the Sign Up tab, the social connections will appear disabled until the user marks the terms as agreed. Have in mind this is just from a UI perspective, as if the user chooses the social connection from the login section then they can freely log in/sign up without accepting terms. However, this may still be useful in cases where you show only the Sign Up section purely for cosmetic reasons and don’t care that the user could just perform a straight login to bypass this.
When mustAcceptTerms is true, there would be legal issues if a user can log in without accepting terms. Laws in many regions require a checkbox-ish consent before signing up. Implicit agreement like “By signing up, you agree to blah…” can be unenforceable.
It would be ideal if Auth0 Lock could check whether a user has signed up first, then redirect the user to the Sign Up tab to accept terms if not.
I understand the use case and I know there were some discussions around having the whole accept terms functionality a bit more ironed out, but at this time I don’t think there are any immediate plans to change it. As it stands, that toggle is more cosmetic than anything else (it does not even get sent as part of the registration data), so if you have strict requirements you may need to roll your own terms enforcement.
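Added example, not part of the thread and not Auth0 or Lock code: one way to enforce terms on the server after every authentication, so that the login tab and social connections go through the same check as the Sign Up tab. The store, function names, field names and the terms version are all hypothetical.

```javascript
// Hypothetical server-side terms gate; nothing here is an Auth0 API.
const CURRENT_TERMS_VERSION = "2024-01"; // constructed value

// In-memory stand-in for the application's own user store (constructed).
function createConsentStore() {
  const records = new Map();
  return {
    get: (userId) => records.get(userId) || null,
    record(userId, version, now = new Date()) {
      // Keep version and timestamp so consent can be evidenced later.
      records.set(userId, { version, acceptedAt: now.toISOString() });
    },
  };
}

// Called after the identity provider has authenticated the user, for every
// login, whichever tab or connection (database or social) produced it.
function gateLogin(store, userId) {
  if (typeof userId !== "string" || userId === "") {
    return { action: "deny", reason: "missing_user_id" };
  }
  const consent = store.get(userId);
  if (!consent) {
    return { action: "require_terms", reason: "never_accepted" };
  }
  if (consent.version !== CURRENT_TERMS_VERSION) {
    return { action: "require_terms", reason: "outdated_version" };
  }
  return { action: "allow" };
}

// Handles the consent form. Only an explicit boolean true for the current
// version is recorded; the client-side checkbox state is never trusted alone.
function acceptTerms(store, userId, form) {
  if (!form || form.accepted !== true) return false;
  if (form.version !== CURRENT_TERMS_VERSION) return false;
  store.record(userId, form.version);
  return true;
}
```

The application issues its own session only when `gateLogin` returns `allow`; a `require_terms` result sends the user to a consent page that posts to `acceptTerms`.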