This has been asked before: Difference between login & signup for social? but now since GDPR is in place I would like to ask it again:
I am using lock v11 to let users register and login via database, facebook and google. For the registration I have added a checkbox with the text “I accept the usage terms detailed in (link)” and added
to the lock options. Therfore, only after checking this box, registration can be completed using any of the three methods, since before checking e.g. the facebook and google buttons are disabled.
However, nothing stops users to directly login without registration if they use social login. Only the users with database login need to register and thus need to check the “accept terms” box.
Since explicit acceptance of terms is legally required in many cases, the current solution seems incomplete. Could an improved lock be provided that prevents social login unless the users has checked an “accept terms” check box?