
Invalid_signup error returns instead of user_exists from authentication API

I’m using the Universal Login feature. When a user tries to sign up with a pre-existing mail address, an invalid_signup error is returned instead of user_exists from the authentication API. Because of this, the correct error message is not shown on the Universal Login page (I expect it to display something like "User already exists").

On the other hand, a user_exists error is shown in the dashboard logs for the same error.

I created a fresh new tenant and tried it again, and then I saw the correct user_exists error in the same situation. Therefore, I think a tenant setting or some code of a rule and custom database script is wrong. But I still haven’t found the root cause. Is there anyone who has any idea?

Umm, weird behavior. I extracted the tenant settings from the tenant where I ran into the problem and copied them to another tenant with auth0-deploy-cli, but the other one works as expected (I saw the user_exists error).

Hi,
Can someone tell me what this setting is?
I’m having the same problem and can’t figure it out.
Thanks!

Hello, we recently changed the user_exists error to invalid_signup to improve security against a potential username enumeration attack.

The feature is “on” by default for new tenants so these would get a generic invalid_signup error. For existing tenants it’s an opt-in behaviour which can be enabled from tenant settings.

You can find the official notification here.

We highly recommend that you turn on this feature to close the username enumeration threat.


OK, I understand. Thank you for the reply.

Let us know if you have any other questions regarding that.
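
Added example, not part of the thread and not Auth0's code: a minimal signup handler showing the behaviour discussed above, where the client receives one generic `invalid_signup` code for every failure while the server-side log keeps the specific reason such as `user_exists`. The `genericSignupErrors` flag, the `password_too_weak` code, the descriptions and the in-memory store are assumptions made for the illustration.

```javascript
// Illustration only; all names here are hypothetical, not Auth0 identifiers.
const GENERIC = { code: "invalid_signup", description: "Invalid sign up" };
const SPECIFIC = {
  user_exists: "The user already exists.",
  password_too_weak: "Password is too weak.",
};

function createSignupService({ genericSignupErrors }) {
  // Constructed sample data: one pre-existing account.
  const users = new Map([["alice@example.com", { email: "alice@example.com" }]]);
  const auditLog = []; // operator-facing log, never returned to the client

  function fail(email, internalCode) {
    // The log always records the precise reason, as the dashboard logs do.
    auditLog.push({ type: "signup_failed", email, code: internalCode });
    // The client only learns the precise reason when the protection is off.
    const body = genericSignupErrors
      ? { ...GENERIC }
      : { code: internalCode, description: SPECIFIC[internalCode] };
    return { status: 400, body };
  }

  function signup(email, password) {
    const key = String(email).trim().toLowerCase();
    if (users.has(key)) return fail(key, "user_exists");
    if (String(password).length < 8) return fail(key, "password_too_weak");
    users.set(key, { email: key });
    auditLog.push({ type: "signup_ok", email: key });
    return { status: 200, body: { email: key } };
  }

  return { signup, auditLog };
}

function demo() {
  const hardened = createSignupService({ genericSignupErrors: true });
  const legacy = createSignupService({ genericSignupErrors: false });
  return {
    hardenedExisting: hardened.signup("alice@example.com", "correct-horse-1"),
    hardenedWeak: hardened.signup("new@example.com", "short"),
    legacyExisting: legacy.signup("alice@example.com", "correct-horse-1"),
    hardenedLog: hardened.auditLog,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

A login page that renders messages by error code needs an entry for the generic code, since with the protection enabled it will not receive `user_exists` from the API.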