Overview
By default, Auth0 may display a generic error message during signup attempts with an already registered email. This is a security feature to prevent user enumeration. This article will provide steps to show a more user-friendly message to improve the user experience.
Applies To
- Universal Login
Cause
When "Use a generic response in public signup API error message " setting is enabled, Auth0 returns a non-specific error message (e.g., “We’re sorry, something went wrong when attempting to sign up.”) to prevent attackers from determining whether a user exists.
Solution
To display a more descriptive error message when a user tries to sign up with an already registered email:
- Log in to the Auth0 Dashboard.
- Navigate to Settings > Advanced.
- Locate the setting “Use a generic response in public signup API error message”.
- Disable this setting.
- Save the changes.
Once disabled, users will receive clearer messages (e.g., “The user already exists.”) during signup attempts.
NOTE: Disabling this setting increases the risk of user enumeration, since attackers can programmatically detect whether an email is associated with an account. For more details, refer to the official Auth0 Documentation: Auth0 Tenant Settings - Generic Response Setting.