I think this is a bug… if not I would appreciate clarification on these flows.
Context: My app is using the passwordless email login pattern
I’m trying to implement a few different actions within my Post User Registration and Post Login flows. I’ve noticed that the actions attached to the Post User Registration flow are triggered when a user logs in using passwordless login.
This is problematic for a few use cases specifically and is also just confusing.
Use case #1: Deny registration if email is already in use. I have an action that checks if a user already exists in the auth0 system with the email being registered and denies the registration if true. Currently this action fires when a user logs in which prevents all users from logging in since by definition their email exists in the system.
Use case #2: Sync user data with external system on registration and login. I have an action in both the registration and post login flows that makes a request to an external api to sync user data. I would like to distinguish between the two flows for the purposes of the api. Currently during login the api receives the Post User Registration request first and then receives the Post Login request.