Auth0 Home Blog Docs

Enforce terms consent for social login via lock


This has been asked before: Difference between login & signup for social? but now since GDPR is in place I would like to ask it again:

I am using lock v11 to let users register and login via database, facebook and google. For the registration I have added a checkbox with the text “I accept the usage terms detailed in (link)” and added

mustAcceptTerms: true

to the lock options. Therfore, only after checking this box, registration can be completed using any of the three methods, since before checking e.g. the facebook and google buttons are disabled.

However, nothing stops users to directly login without registration if they use social login. Only the users with database login need to register and thus need to check the “accept terms” box.

Since explicit acceptance of terms is legally required in many cases, the current solution seems incomplete. Could an improved lock be provided that prevents social login unless the users has checked an “accept terms” check box?


Hello @heike,

An immediate solution to this problem is to create a rule that checks for T&Cs acceptance. Add a rule that implements the logic:

if app_metadata.terms_accepted = false:
    display T&Cs popup
1 Like
closed #3

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.