Lead a user to create an app-specific profile after their login if it is their first login ever

I am trying to achieve the somewhat standard flow where a user is directed to create an app-specific profile if it is their first time logging in. If it is not their first time logging in, and they already have a profile, then they will be taken to the page they were on last before logging in.

My design thoughts are as follows. Have a social provider connection in auth0 and create an external database elsewhere to hold profile data. The table key that connects the profile in the database to the auth0 user should be the user_id/sub or a generated uuid which utilizes auth0 rules or hook to become part of additional auth0 authentication metadata.

After logging in, take them to a page /logged-in. This page calls an endpoint with the user cookie and checks the database for a profile. If a profile does not exist, the endpoint can return a response that says there is no profile. If the logged-in page gets a response with no profile, then it will redirect to create-profile. Otherwise, if the endpoint comes back with a profile, then somehow(?) take them back to the page they were on before logging in.

My design seems like it might work but it has a question mark and it might be overly complicated. What is the best way to solve the use case laid out in the first paragraph?

Hi @dev47,

For this use case we typically recommend that you use Actions or Rules to add a custom claim to the id_token to indicate that this user is logging in for the first time, and have your app redirect accordingly when it gets this custom claim.

We expose the user’s login count in post-login actions/rules, which you can use to detect the user’s first time logging in. This is available as event.stats.logins_count in post-login actions or context.stats.loginsCount in rules. You can use this to add a custom claim to the user’s id token which your application receives after the user logs in. Then you can write custom redirect logic in your application based on this custom claim.

Here is an example of adding a custom claim in a post-login action: Login Flow
And our guide for custom claims in rules: Sample Use Cases: Scopes and Claims

Hope this helps!

Thanks,
Dave

1 Like
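The flow described in the answer above, as an added example that is not part of the original posts or of Auth0's own sample code: a post-login Action sets a first-login claim, and the application picks the redirect from it while keeping the "page before login" limited to same-origin paths. The claim namespace, the helper names `safeReturnTo` and `postLoginRedirect`, and the `/` fallback are assumptions, and the app is assumed to have already validated the ID token.

```javascript
// Assumed claim name: custom claims should use a namespaced (URL-style) name.
const FIRST_LOGIN_CLAIM = "https://example.com/first_login";

// --- Auth0 post-login Action (runs inside Auth0, not in your app) ---
async function onExecutePostLogin(event, api) {
  // logins_count is 1 on the user's first successful login.
  const firstLogin = event.stats.logins_count === 1;
  api.idToken.setCustomClaim(FIRST_LOGIN_CLAIM, firstLogin);
}
// Auth0 loads the handler from `exports`; guarded so the file also runs elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// --- Application side (hypothetical helpers) ---
// Accept only same-origin paths, so the saved "page before login"
// cannot be turned into an open redirect.
function safeReturnTo(returnTo, fallback = "/") {
  if (typeof returnTo !== "string" || !returnTo.startsWith("/")) return fallback;
  const base = "https://app.invalid"; // placeholder origin, used only for parsing
  try {
    const url = new URL(returnTo, base);
    // Rejects "//host/..." and "/\host/...", which parse as another origin.
    if (url.origin !== base) return fallback;
    return url.pathname + url.search + url.hash;
  } catch {
    return fallback;
  }
}

// idTokenClaims: claims from an ID token the app has already validated.
// returnTo: the path the app stored before starting the login.
function postLoginRedirect(idTokenClaims, returnTo) {
  if (idTokenClaims && idTokenClaims[FIRST_LOGIN_CLAIM] === true) {
    return "/create-profile";
  }
  return safeReturnTo(returnTo);
}
```

The claim is only a hint: a user who abandons profile creation will have a login count above 1 next time, so the profile lookup in the application's own database stays the authoritative check.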
