I’m using Universal login feature.When a user try to signup with pre-existing mail address, invalid_signup error returns instead of user_exists from authentication API. because of this, correct error message is not shown in Universal login page(I expect to display like User already exists)
I created fresh a new tenant and try it again, then I saw correct user_exists error in the same situation. Therefore, I think tenant setting or some code of rule and custom database script is wrong. But I don’t still find the root cause. Is there anyone who has any idea?
Umm, weird behavior. I extracted the tenant setting which I ran into the problem and copied them to another tenant with auth0-deploy-cli. but the another one works as expected (I saw user_exists error)
Hello, we recently changed user_exits error to invalid_signup to improve security against a potential username enumeration attack.
The feature is “on” by default for new tenants so these would get a generic invalid_signup error. For existing tenants it’s an opt-in behaviour which can be enabled from tenant settings.