Error message bug in custom-login

mvxt · April 8, 2021, 12:12am

Hi all, I’m encountering a weird issue with error messages for custom-login. In short, it looks like what should be a username_exists error is actually returning as something else, and thus prints the fallback error message.

I’m using a customized universal login page + Lock.
I’ve enabled “Requires Username” in the database connection, so an additional username field is added to the login page automatically.

When a user tries to sign up with a username that’s already taken, it errors out as expected. But for some reason, the error message that prints on the page is the lock.fallback, not the username_exists message, like expected. Is this a bug?

I’ve already confirmed that it’s an issue with the username. When I use the exact same credentials and a different username, then signing up succeeds.

Here’s the snippet of code specific to lock:

    // Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      // Other config here
      languageDictionary: {
        title: '',
        error: {
          signUp: {
            'lock.fallback': "There was an error signing up. Please try again",
            "username_exists": "This username already exists",
          }
        },
        signUpTitle: '',
        usernameInputPlaceholder: 'Username',
        passwordInputPlaceholder: 'Password',
        usernameOrEmailInputPlaceholder: 'Email'
      }
    });

But here’s what actually shows when user tries to sign up with a username that’s already taken:

stephanie.chamblee · April 8, 2021, 6:05pm

Hi @mvxt,

In your advanced settings, you can disable the “Use a generic response in public signup API error message” so that the username_exists is returned. Otherwise a generic error will be returned for security reasons.

mvxt · April 9, 2021, 5:51am

It seems odd that this advanced setting is in the User’s Settings, not that settings for a specific application. This is why I wouldn’t have known or found this setting.

For example, what if a user wants to return generic responses for one of their applications but not another?

Either way, thank you! This fixes my issue for now.

stephanie.chamblee · April 9, 2021, 11:14am

Glad to hear that solves your issue! Yes, this functionality is set at the tenant level. If you have a use case that would require different settings for different apps, it’d be great to get your feedback:

system · April 24, 2021, 11:14am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom database: signup returns vague error when user already exists Help custom-database	2	3431	November 11, 2021
Custom error message using lock template in universal login not working Help lock , auth0 , universal-login	3	8502	May 28, 2020
Sign up error not displayed correctly Help login-experience , new-universal-login-experience	6	46	August 14, 2024
No duplicate username error Help	5	1839	September 5, 2022
Surpressing "user_exists" response on signup Help signup , runtime , user-creation , webauth , existing-users	4	4303	March 2, 2018

Error message bug in custom-login

Related Topics