Hi,
We currently use the auth0 lock to register and sign in users with LinkedIn, Facebook or E-Mail/Password. Due to the new GDPR legislation it is necessary that all users accept our Terms and Conditions.
We do this currently by requiring the checkbox in the registration window to be ticked. Unfortunately, it is still possible to register or log in to our application without having this box ticked by selecting one of the social logins in the sign-in screen.
Is there a way to reject social logins for users that haven’t registered themselves previously and how can we enable it?
Thank you for your help and best regards,
Steffen
Ideally you design the signup flow in a way that’s consistent regardless of how the users will log in.
However, if that’s not possible for any reason, you could make use of a rule that looks for an attribute in the user’s app_metadata to disable logins (return an error) for users that haven’t accepted the Terms and Conditions.
Optionally, you could redirect users to a custom screen that shows them the Terms and Conditions upon login if they haven’t accepted them yet. Your custom page replies back to Auth0 with either success or error depending on whether the customer checked the box. If they accepted the conditions, you update the attribute in the user’s app_metadata field to persist it, and avoid showing them the consent screen again.
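The first option from the reply above (a rule that returns an error when the attribute is missing), written out as an added example that is not part of the original thread. The attribute name `terms_accepted` and the sample users are assumptions; the rule uses the standard Auth0 Rules signature and applies the same check to every connection, so social logins cannot skip it.

```javascript
// Added example, not code from the thread. TERMS_ATTRIBUTE is an assumed key name.
const TERMS_ATTRIBUTE = 'terms_accepted';

// The Auth0 Rules sandbox exposes UnauthorizedError as a global. Fall back to a
// local stand-in so this file also runs under plain Node.js.
const Unauthorized = typeof UnauthorizedError !== 'undefined'
  ? UnauthorizedError
  : class UnauthorizedError extends Error {};

function hasAcceptedTerms(user) {
  // Social users on their first login usually have no app_metadata at all.
  const meta = user.app_metadata || {};
  // Strict comparison: a stray string such as "false" must not count as consent.
  return meta[TERMS_ATTRIBUTE] === true;
}

// Rule body with the (user, context, callback) signature used by Auth0 Rules.
function requireTermsAccepted(user, context, callback) {
  if (hasAcceptedTerms(user)) {
    return callback(null, user, context);
  }
  return callback(new Unauthorized('Terms and Conditions have not been accepted.'));
}

// Constructed sample logins: one database user who ticked the box, one social
// user with no metadata, one social user with a malformed (string) value.
const SAMPLE_LOGINS = [
  { user: { user_id: 'auth0|1001', app_metadata: { terms_accepted: true } },
    context: { connection: 'Username-Password-Authentication' } },
  { user: { user_id: 'linkedin|2002' },
    context: { connection: 'linkedin' } },
  { user: { user_id: 'facebook|3003', app_metadata: { terms_accepted: 'false' } },
    context: { connection: 'facebook' } },
];

// Runs the rule over each sample login and reports the decision.
function evaluate(logins) {
  return logins.map(({ user, context }) => {
    let outcome;
    requireTermsAccepted(user, context, (err) => { outcome = err ? 'denied' : 'allowed'; });
    return `${user.user_id}: ${outcome}`;
  });
}

console.log(evaluate(SAMPLE_LOGINS).join('\n'));
```

In the Auth0 dashboard only the body of `requireTermsAccepted` is needed as the rule; the sample data and `evaluate` exist to exercise it locally.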
Currently, the auth0 lock implementation is inconsistent in this regard. That’s why I was hoping that there is a common solution or flag I can provide.
I will check out the app_metadata. Thanks for the hint!