Example rules for new users not working for Facebook silent auth

nick_5calls · November 4, 2018, 6:22pm

One of the example rules is “trigger Zap on new users” which uses this code to detect a new user:

  // short-circuit if the user signed up already
  if (context.stats.loginsCount > 1) {
    return callback(null, user, context);
  }

That’s fine for many cases, but refreshing a token such as Facebook with silent auth (as mentioned in the docs) doesn’t increase the loginsCount, so these users are showing up on my daily new user email even though they’re FB authenticated users who first signed up days, weeks, months ago.

How can I exclude these silent auth users from this rule? Is there another part of the context object I can look at to detect this was a silent auth flow?

nicolas_sabena · November 5, 2018, 10:04am

Hi Nick.
You can use this logic to detect a silent authentication flow:

if (context.request.query && context.request.query.prompt === 'none') {
  // this is a silent token request, skip sending emails
  return callback(null, user, context);
}

Note that this is based solely on user input, so don’t use this logic to skip any required security challenge (like MFA or a redirection).

system · January 7, 2019, 7:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.