How Logins count Attribute works

Problem Statement

We noticed that the Login count equals 1 even without a verified email.

Solution

The logins count is the “Number of times the user has logged in. If a user is blocked and logs in, the blocked session is counted in”.

The logins count will be updated in the following circumstance:

  • After the user authenticates with username/password in an Auth0 DB connection through Universal Login
  • After the user authenticates through /oauth/token with any credential supported by the endpoint (password, passwordless OTPs, native social).
  • After the user authenticates through /co/authenticate (embedded login from Single Page applications)
  • After the user authenticates in an upstream identity provider. In this case, they might not need to enter credentials if there was already a session with the upstream identity provider
  • Before rules execute. This has the following implications:
    • When you login as part of signup, logins_count == 1
    • If for whatever reason, the user is not redirected to the application after rules execute (an error is returned, or they don’t complete MFA), the logins_count is incremented anyway.

The field will not be updated in this scenario:

  • If the user already had a session in Auth0 and does not need to provide credentials (e.g SSO, silent authentication).
    *If you login by calling directly dbconnections/signup. If you login after signup, it will be incremented in that first login.

As explained above, regarding email verification, if the user is signed up even if they have not verified their email, they could have a login attempt of 1.