How to check whether a Passwordless sign-in is a first-time sign in or not?

oded.magger · January 17, 2021, 9:37am

I implemented a Passwordless connection with SMS, using Embedded Login on React Native.

On a User/Password DB connection, sign up and log in are two distinct API calls. On Passwordless, however, when a user signs in, an Auth0 user is created implicitly if no user previously existed for that phone number.

Is it possible to know whether a Passwordless sign in is a ‘Sign Up’ or a ‘Log in with exisitng user’?

The only solution I could think of was calling the User Management API to see if a user with this phone number exists, but I really want to avoid the additional API call, as well as the privacy and security risks derived from letting pre-authenticated end user pull data about existing users.

stephanie.chamblee · January 19, 2021, 8:57pm

Hi @oded.magger,

I am setting up a passwordless connection with SMS now to look into this.

Does your app need to know if the user is newly created after they log in or do you need to access this info elsewhere?

What SDK are you using?

oded.magger · January 19, 2021, 9:10pm

Thank you for checking, @stephanie.chamblee !

I am using GitHub - auth0/react-native-auth0: React Native toolkit for Auth0 API .

Yes, the app needs to know if the user is newly created directly after login is successful.

stephanie.chamblee · January 20, 2021, 1:16pm

Ah okay! One way to accomplish this would be to add the user’s login count as a custom claim in the ID Token via a Rule. The Rule has access to the user’s login count from the Context Object.

To set this up, you can click on Rules from within your dashboard and click “+ CREATE RULE”. Select “Empty Rule”.

function (user, context, callback) {
  const namespace = 'https://YOUR_APP_DOMAIN/';
  const userType = context.stats && context.stats.loginsCount === 1 ? 'new' : 'existing';
  context.idToken[`${namespace}userType`] = userType;
  return callback(null, user, context);
}

When you decode the ID Token the value of namespace/userType will be either “new” or “existing” based on their login count. You could alternatively include the login count as the custom claim if preferred by adjusting the code within the Rule.

function (user, context, callback) {
  const namespace = 'https://YOUR_APP_DOMAIN/';
  const loginCount = context.stats && context.stats.loginsCount ? context.stats.loginsCount : 0;
  context.idToken[`${namespace}loginCount`] = loginCount;
  return callback(null, user, context);
}

Here are docs about adding custom claims to ID Tokens: Sample Use Cases: Scopes and Claims

oded.magger · January 21, 2021, 4:35pm

Thanks, @stephanie.chamblee ! Tested it and it works like a charm.

system · February 5, 2021, 4:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to detect new user vs existing one Help	6	4204	June 12, 2019
How to differentiate SignIn from SingUp in React Native? Help login-experience , new-universal-login-experience	2	603	September 27, 2023
Rule Not Working w/ API Calls from my React Native app Help authentication-api , api , rules , react-native	3	3510	December 4, 2019
Passworless (SMS) login Help login-experience , login-prompt-new-experience	0	264	May 27, 2024
Unable to login and get userinfo Help auth0 , login	2	5962	February 11, 2019

How to check whether a Passwordless sign-in is a first-time sign in or not?

Related Topics