Hi. Hoping to get some help for migrating our user registration to auth0.
There are certain things we need to capture at sign up
name
userType
And beyond that, there is a bit of setup that needs to happen for each new user account, and this requires us knowing the above fields.
A third wish is to use the new universal login experience, as we want to speed / simplicity / future proof nature of it.
For the first part, I have successfully implemented an auth0 redirect so that we can gather the required info, and send them back to auth0 where they can be added to the app metadata. This seems like an ok solution, but I am open to others.
For the second part, I am not sure of which action or strategy to use such that the logic executes on each successful registration, AFTER the metadata above is gathered, and before the authentication process is finished. Is our only option to use an additional login action? Or can we use one of the registration actions?
This is a completely valid approach to getting additional sign-up fields from the user. One alternative to this approach is to configure additional sign-up fields on the signup page.
We want to use the new universal login experience, so we cannot configure additional signup fields.
For executing logic after the user registers, I actually need to know the extra information that I am collecting in the first step. For this reason I think I cannot use a “Post-User Registration action”, because this would happen before. I would consider moving the the additional information capturing into a post-user registration action as well, but apparently you cannot perform redirect actions with those, and also they would not run during social sign in. Is that correct?
So because of that, I guess I am stuck using a post-login action for both, and i might as well make it all 1 action, that captures additional information + adds the user to our servers?
I feel like there is room for error there in that I might add the user to our servers, but then it does not actually finish the login step in case the user closes their browser tab before the re-direct back to /continue happens. In this case I am not sure what the correct fix would be (they would have an account with us, but not auth0). I guess we just need to account for that in our registration action.
Yes, your findings are correct. The Post-User Registration Action cannot perform redirects and does not execute for Social connection logins.
Instead, I recommend using a Post-Login Action to redirect your users to an external page to capture additional information on their first login and to account for Social connection users.
In essence, once the redirection is complete and the user resumes the authentication after updating their user metadata, you can add your own custom logic, such as denying them access.
For example:
//Post Login Action script
exports.onExecutePostLogin = async (event, api) => {
//Redirect user to get additional information
api.redirect.sendUserTo("https://my-app.exampleco.com");
};
exports.onContinuePostLogin = async (event, api) => {
//Add your custom logic here
api.access.deny(`Access to ${event.client.name} is not allowed.`);
}