Error message bug in custom-login

Hi all, I’m encountering a weird issue with error messages for custom-login. In short, it looks like what should be a username_exists error is actually returning as something else, and thus prints the fallback error message.

  • I’m using a customized universal login page + Lock.
  • I’ve enabled “Requires Username” in the database connection, so an additional username field is added to the login page automatically.

When a user tries to sign up with a username that’s already taken, it errors out as expected. But for some reason, the error message that prints on the page is the lock.fallback, not the username_exists message, like expected. Is this a bug?

I’ve already confirmed that it’s an issue with the username. When I use the exact same credentials and a different username, then signing up succeeds.

Here’s the snippet of code specific to lock:

    // Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      // Other config here
      languageDictionary: {
        title: '',
        error: {
          signUp: {
            'lock.fallback': "There was an error signing up. Please try again",
            "username_exists": "This username already exists",
          }
        },
        signUpTitle: '',
        usernameInputPlaceholder: 'Username',
        passwordInputPlaceholder: 'Password',
        usernameOrEmailInputPlaceholder: 'Email'
      }
    });

But here’s what actually shows when user tries to sign up with a username that’s already taken:

image

Hi @mvxt,

In your advanced settings, you can disable the “Use a generic response in public signup API error message” so that the username_exists is returned. Otherwise a generic error will be returned for security reasons.

1 Like

It seems odd that this advanced setting is in the User’s Settings, not that settings for a specific application. This is why I wouldn’t have known or found this setting.

For example, what if a user wants to return generic responses for one of their applications but not another?

Either way, thank you! This fixes my issue for now.

Glad to hear that solves your issue! Yes, this functionality is set at the tenant level. If you have a use case that would require different settings for different apps, it’d be great to get your feedback: