I’m seeking advice on implementing open signups using the New Universal Login in our application, as I’ve encountered some challenges despite extensive research. Here’s our current setup and the requirements we’re trying to fulfill:
Current Setup:
Auth0 Plan: Paid subscription.
Login Experience: New Universal Login.
Current Flow: Invitation-only. We:
Create a user in our backend and save them to our database.
Create the same user in Auth0 via the Management API.
User Segregation: Based on a “userType” stored in Auth0 metadata. We also store their user id record in our backend db.
We want to introduce a new userType that allows users to sign up independently via a smooth, frictionless flow. Ideally:
Collect lead information first (e.g., name, email, etc.) and store it in our backend.
Direct the user to Auth0 for signup while linking their account seamlessly with the backend record.
However, we are facing some issues:
User Record Creation Flow:
Backend First:
Storing lead information in our backend before signup is straightforward. However, we need to associate the user’s backend record ID with their Auth0 metadata once they have signed up in Auth0. The only viable approach seems to be using post-signup Actions to query our backend for the user ID. Would appreciate other ideas.
This raises concerns about security (e.g., exposing an open endpoint or setting up M2M authentication just for this).
Auth0 First:
Starting with Auth0 signup means we can’t capture lead information pre-signup. Other auth providers support features like temporary or anonymous auth for tracking users before account creation, but this doesn’t seem available with Auth0. For example, most other auth systems, like Firebase or Supabase, allow you to create an anonymous user and upgrade them later.
Local Development Constraints:
We’ve explored using Auth0 Forms, but Actions don’t work in local development environments. This violates local-first principles, making it impossible to test the signup flow during development.
Set user type:
How can we set user types through open sign up? We can’t figure out a good way to do this; we want all users who sign up through open sign up to be assigned the new ‘userType’.
I suppose if we boil down our use case here, we want to store data about this user type on our backend (i.e. their lead information as a potential customer), and then let them sign up through Auth0 new Universal Login sign up.
The main issue is we need to have their user account linked to our backend records by having the user id in the user metadata as well as their user type, which leads to a kind of chicken-and-egg scenario.
Thank you for posting your question. If the user login process relies only on Database Authentication, you can utilize the Pre-User Registration Action to fetch information from your API about a new user (user-id) → Pre-user Registration Trigger or use the async Post-user Registration Trigger to send information to the external API → Post-user Registration Trigger. If your users will use other login methods you can optionally utilize the event.stats login_counts property in the event object to conditionally trigger the logic of fetching information from your system on the initial login. → Actions Triggers: post-login - Event Object
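The Pre-User Registration approach from the reply above, as an added example (not code from the thread or from Auth0): the Action looks up the lead by email on a backend route authenticated with a secret held in the Action's secret store, then writes the backend record ID and the userType to app_metadata. The route path, the secret names, the `backendUserId` key and the `selfSignup` value are hypothetical.

```javascript
// Added example: Auth0 Pre-User Registration Action (Actions run on Node.js).
// Hypothetical names (not from the thread): /internal/leads/lookup,
// LEADS_API_URL, LEADS_API_KEY, backendUserId, "selfSignup".
const SELF_SIGNUP_TYPE = "selfSignup";

async function linkLeadOnSignup(event, api, fetchImpl = fetch) {
  const email = String(event.user.email || "").trim().toLowerCase();
  if (!email) {
    return api.access.deny("no_email", "An email address is required.");
  }
  let lead;
  try {
    const url = `${event.secrets.LEADS_API_URL}/internal/leads/lookup`;
    const res = await fetchImpl(url, {
      method: "POST",
      headers: {
        "content-type": "application/json",
        // The key is read from the Action's secrets, so it never reaches
        // the browser and the lookup route is not an open endpoint.
        authorization: `Bearer ${event.secrets.LEADS_API_KEY}`,
      },
      body: JSON.stringify({ email }),
    });
    if (!res.ok) throw new Error(`lead lookup failed: ${res.status}`);
    lead = await res.json();
  } catch (err) {
    // Fail closed: no Auth0 account is created without a backend link.
    return api.access.deny("lead_lookup_failed", "Sign-up is temporarily unavailable.");
  }
  if (!lead || typeof lead.id !== "string") {
    return api.access.deny("lead_not_found", "Please start sign-up from our site.");
  }
  // app_metadata cannot be edited by the user, unlike user_metadata, so
  // values used for segregation and record linking belong here.
  api.user.setAppMetadata("backendUserId", lead.id);
  api.user.setAppMetadata("userType", SELF_SIGNUP_TYPE);
}

// Entry point name the Actions runtime expects for this trigger.
if (typeof exports !== "undefined") {
  exports.onExecutePreUserRegistration = (event, api) => linkLeadOnSignup(event, api);
}
```

The email is not yet verified when this trigger runs, so the backend should treat the link as pending until Auth0 reports the address as verified. Because the handler is a plain async function, it can be exercised on a developer machine by passing stubbed `event`, `api` and `fetchImpl` objects.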
Thanks for your response. I have explored this already as mentioned in my post, that the actions/triggers are only available in the production/dev/deployed environment - they are inaccessible for use in localhost.
This is a big deal for us as we want to be able to easily test and debug our signup flow from within our local environments. Our current setup is something that allows for account sign up to be tested from local developer machines, and we would like to not fracture our codebase by adding exceptions.
Additionally, I believe setting up something like this would require us to use M2M tokens on an endpoint which allows you to request information on our API, which we would also like to avoid.
Are there any other options we can take here? It is an important feature to be able to store data about a user prior to signing up - e.g. writing data about their shopping cart for example. Additionally, this would require us to ask for the user’s email twice in the sign up flow - once when we save their data to our database (so that auth0 can ask for it in a pre-signup trigger to get the user id), and once when the user signs up in Auth0. This is not exactly a smooth sign up experience. What if we do not want to ask for the email before signing the user up through Auth0? It is a bad user experience to ask the user for their email twice, and my use case is common, for example in ecommerce sites where we want users to interact with the database & shopping cart without needing identifying information until checkout.
Other auth providers have routes which allow you to associate a user with a temporary id prior to sign up. This would solve our issues, as we could issue an id prior to sign up and store that, and convert to a full user with sign up like in the following services:
Firebase - Anonymous Authentication - temporary user id which can be later converted when user signs up
AWS Cognito - Identity pools allow for anonymous users to take actions on dynamo and can be converted with same identifier
Supabase - anonymous auth - allows you to create temporary users for users who haven’t signed up yet
Thank you for the reply. The only other option for user creation I can think of is to utilize the user creation with the Management API, which you currently use in your current setup. I’m afraid there’s no better option for the proposed flow without actions. For the mentioned features that are presently missing in Auth0, I would encourage you to open a new thread in the Feedback category (separate for the local development improvement and anonymous authentication). If the feature gains interest among other community members, our engineering team will consider adding it to Auth0.