"Log in with ..." behaves the same as "Sign up with ..."

Hi and thanks for this great product/service. I am currently using the Auth0 lock v11, and was able to add a terms and condition checkbox and everything works by disabling the ability to continue while one is on the “Sign up” tab. i.e you are unable to sign-up with the social link until the checkbox is checked. However on the “Log in” tab, the social link “Sign in with Google”, which is enabled, will generate a user if they do not exist, bypassing the constraints that are setup on the “Sign up” tab. I may be missing a configuration?

I am trying to solve this use case, where I want users to sign in with OAuth2.0, but keep them from signing up without accepting the “terms & conditions”. Although, mustAcceptTerms prevents the user from continuing on the Sign up tab, they can still bypass by just using the social log in button.

I have tried some different approaches from using additionalSignUpFields and denying service to social sign up via rules.

I was go try to use both the mustAcceptTerms and a rule, however unlike additionalSignUpFields which saves data to the user’s user_metadata, the mustAcceptTerms doesn’t save any meta data to the user. Which makes it difficult to determine in the rules if one has actually checked the checkbox.

Hope all this makes sense. I appreciate any guidance with this use case. Thanks you!

Hey there @bernardo, I wanted to reach out and see if you are still battling the constraint bypassing with new enrollments? It’s important to keep in mind when leveraging rules that they only fire off on a successful enrollment and mustAcceptTerms means that the option will take effect for users with username/email and password authentication, not social sign-ins. Please let me know if I can be of further assistance to and I’ll be happy to dig in. Thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.