Invalid_signup when email contains +test?

We’ve noticed an error trying to sign up to our application using the email address “foo.bar+test1@gmail.com”, but “foo.bar+candidate@gmail.com” works fine.

Why is this happening?

Is this something that we can configure for our tenant?

Hi @rai1,

Thanks for joining the Community!

I tested out adding foo.bar+test1@gmail.com and foo.bar+candidate@gmail.com in my own tenant, and it looks like both sign-ups are successful.

To help troubleshoot this, can you look in your dashboard logs and see if there are any additional details about the error?

Thanks!

Thanks for having a look at this. Turns out that the account already existed!

The developer who was testing this was getting the error 400 (invalid_signup) but not the error user_exists. Wouldn’t that have been more appropriate in this instance?

The error will be invalid_signup if your tenant has the “Use a generic response in public signup API error message” setting turned on (by default it is on). This setting is located in the “Advanced” tab in your tenant settings.

A generic error message is returned in this case to help protect against username enumeration attacks.

Here is more information about the response: Auth0 Support Center
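The behaviour described in the answer above, as an added example that is not part of the original thread and is not Auth0's code: a minimal signup handler in which `generic_errors` (a hypothetical flag standing in for the tenant setting) collapses every failure into `invalid_signup`, while the real reason goes only to the server-side log. The user store, the password rule and the `invalid_password` code are assumptions made for the example.

```python
import logging

log = logging.getLogger("signup")  # server-side log, never sent to the client

# Constructed sample user store for this example.
USERS = {"foo.bar+test1@gmail.com"}


def signup(email, password, generic_errors=True):
    """Return (http_status, body) for a signup attempt.

    generic_errors is a hypothetical stand-in for the tenant setting:
    when True, every failure looks the same to the caller.
    """
    email = email.strip().lower()
    if email in USERS:
        reason = "user_exists"
    elif len(password) < 8:  # assumed password policy for the example
        reason = "invalid_password"  # made-up code for the example
    else:
        USERS.add(email)
        return 200, {"email": email}

    # The precise reason is always recorded where only the operator sees it,
    # which is why the logs are the place to look when debugging.
    log.warning("signup failed email=%s reason=%s", email, reason)
    code = "invalid_signup" if generic_errors else reason
    return 400, {"code": code}


def distinguishable(generic_errors):
    """True if a caller can tell 'account exists' from another failure."""
    existing = signup("foo.bar+test1@gmail.com", "Correct-Horse-9", generic_errors)
    other = signup("new.user@example.com", "short", generic_errors)
    return existing != other
```

With the flag on, the two failing requests return identical responses, so the response alone does not reveal whether an address is registered.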
