I’m using Universal login feature.When a user try to signup with pre-existing mail address,
invalid_signup error returns instead of
user_exists from authentication API. because of this, correct error message is not shown in Universal login page(I expect to display like
User already exists)
On the other hand,
user_exists error is shown on dashboard logs at the same error.
I created fresh a new tenant and try it again, then I saw correct
user_exists error in the same situation. Therefore, I think tenant setting or some code of rule and custom database script is wrong. But I don’t still find the root cause. Is there anyone who has any idea?
Umm, weird behavior. I extracted the tenant setting which I ran into the problem and copied them to another tenant with auth0-deploy-cli. but the another one works as expected (I saw
Can someone tell me what this setting is?
I’m having the same problem and can’t figure it out
Hello, we recently changed
user_exits error to
invalid_signup to improve security against a potential username enumeration attack.
The feature is “on” by default for new tenants so these would get a generic
invalid_signup error. For existing tenants it’s an opt-in behaviour which can be enabled from tenant settings.
You can find the official notification here.
We highly recommend that you turn on this feature to close username enumeration threat.
OK, I understand. thank you for the reply.
Let us know if you have any other questions regarding that
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.