How to distinguish first login after sign up

supergrounded · November 22, 2022, 4:14am

I am trying to add a new flow for updating Stripe to create a new customer profile after a user has successfully signed up. After the customer profile has been created with Stripe, it will add the customer id to the app metadata of the user. I added the following flow to the onExecutePostLogin step:

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count === 1) {
    const customer = await stripe.customers.create({
      email: event.user.email,
    });
    api.user.setAppMetadata('stripe_customer_id', customer.id);
  }
};

However, whenever I tried to retrieve the metadata using the management api in my SPA Angular application, this block of code is being executed again. It seems like it’s not able to distinguish first time log in with token retrieve I believe? and it’s causing the same customer profile to be created once again in Stripe.

Is there any way to add more check to make sure that this block of code is only executing right after sign up, and not any other time?

tyf · November 22, 2022, 4:49am

Hey there @supergrounded welcome to the community!

That’s super curious it’s being executed again, as it should only be run when there is a login event and in this case only on the first event Are you able to see 2 separate login events in your dashboard logs (monitoring → logs)?

Could you move this to a pre user registration action instead? It might be a good use case for it.

supergrounded · November 22, 2022, 3:19pm

Are you able to see 2 separate login events in your dashboard logs (monitoring → logs)?

There is only one login event when I check the log, but I think the code was executed again during the silent auth.

Could you move this to a pre user registration action instead? It might be a good use case for it.

For putting it in pre user registration, what if the user’s registration wasn’t successful and the email provided wasn’t valid? Then in this case the Stripe customer creation wouldn’t make sense in the pre user registration right?

gparascandolo · November 22, 2022, 8:51pm

Post-Login Actions do occur for silent authentication requests.

A reliable solution would be to see if stripe_customer_id already exists in the user app_metadata object, and skip the action for the user if it does.

However, if you need to rely on first logins only in the Post-Login Action flow instead, something like below might help

// check if user has more than one login, or if this is a refresh token rotation, or a silent auth request
const not_first_login = event.stats.logins_count > 1 ||
                        event.transaction?.protocol === 'oauth2-refresh-token' ||
                        event.request.query?.prompt === 'none';
if (not_first_login) {
  console.log(`Skipping event for user ${event.user.user_id}`);
  return;
}

This will skip the action for the user if the user’s login_count is greater than one, or if the Post-Login Action was triggered by refresh token rotations & silent authentication requests.

Hope this helps!

supergrounded · November 23, 2022, 12:58am

Checking if the stripe_customer_id is already set definitely helped! Thanks!

system · December 7, 2022, 12:58am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.