Hey there, I’m trying to disable a user from being logged in automatically after they sign up, there is no detailed documentation on how to do this when using auth0-react.
Are you using the New or Classic Login Experience for Universal Login?
auto_login is the parameter used for auth0.js and loginAfterSignup is used for lock.js. These are libraries used for customizing the Classic Universal Login Experience.
If you are using the Classic Experience, you can use the loginAfterSignup or auth_login option by going to Branding > Universal Login and going to the Login tab and selecting either Lock.js or the Custom Login Form options from the template dropdown.
If you are using the New Universal Login Experience, you can use a rule to throw an unauthorized error so that the user will be redirected to your page with the error and error description in the URL. Your app can show a user-friendly message using the information returned in the URL query params.
For example, here is how you would throw an error for a user who has not verified their email address:
function emailVerified(user, context, callback) {
if (!user.email_verified) {
return callback(new UnauthorizedError('Please verify your email before logging in.'));
} else {
return callback(null, user, context);
}
}
I think my problem may be related to this. I’m using universal login in a React Native app that’s relying on Expo (managed). I have users successfully authenticating, but can’t figure out how to switch users (ie. a teacher lends an iPad to another student and first needs to remove the previous student’s state). However, sending the user back through the login flow causes Auth0 to find previous tokens (in the browser cookie perhaps) and reuse or refresh them automatically, essentially allowing anyone handed this device to login as the previous user without specifying credentials. What is the flow to clear the currently stored tokens or other state, such that upon login, a user is required to enter username/password for a fresh authentication? I am using the library expo-auth-session and passing it a constructed URL of the format https://${auth0Domain}/authorize${queryParams} where queryParams specify client_id, redirect_uri and response_type: “token id_token”. Thanks!
I may have misunderstood your question. Would you like to prevent users from being logged in after sign up or would you like to present the signup page instead of the login page? You can make users land directly on the Signup page instead of the Login page by specifying the screen_hint=signup parameter when redirecting to /authorize:
I apologize, I had a lot of tabs open and got confused.
Back to the original question…
I do have a rule in place…
function emailVerified(user, context, callback) {
if (!user.email_verified) {
return callback(
new UnauthorizedError('Please verify your email before logging in.')
);
} else {
return callback(null, user, context);
}
}
If a user that is not verified logs in, no message (please verify your email address) is showed to the user, the page just gets redirected and blinks, which is a bit confusing. Is there something else that can be done to notify the user that he/she needs to verify the email?
With the rule enabled, the user will be redirected to your callback URL along with the error in the query param. For example, the redirect will look something like this: