I think this is a bug… if not I would appreciate clarification on these flows.

Context: My app is using the passwordless email login pattern

I’m trying to implement a few different actions within my Post User Registration and Post Login flows. I’ve noticed that the actions attached to the Post User Registration flow are triggered when a user logs in using passwordless login.

This is problematic for a few use cases specifically and is also just confusing.

Use case #1: Deny registration if email is already in use. I have an action that checks if a user already exists in the auth0 system with the email being registered and denies the registration if true. Currently this action fires when a user logs in which prevents all users from logging in since by definition their email exists in the system.

Use case #2: Sync user data with external system on registration and login. I have an action in both the registration and post login flows that makes a request to an external api to sync user data. I would like to distinguish between the two flows for the purposes of the api. Currently during login the api receives the Post User Registration request first and then receives the Post Login request.

I think I’m experiencing this with the SMS passwordless authentication. My post user registration action creates a record in a database with a field storing the ID of the Auth0 user profile. There is a unique constraint on the value of this field in the database. When I log in with a previously logged in user there is evidence that the post user registration action runs because Auth0 monitoring logs the “Failed Post User Registration Hook” event which occurs because the unique constraint of the ID was violated and the database responds to the action runner with an error. This behaviour seems in contrary to the documentation (emphasis mine):

Actions Triggers: post-user-registration

The post-user-registration triggers runs after a user has been created for a Database or Passwordless connection.

– Post User Registration Flow

Is there a way to bump a Community Engineer to respond? I see this issue was first reported over 6 months ago in July 2021 and I’m the only one to reply.

Updates in this thread.

Hi @zola.mcadie and @wing,

Thank you for this feedback request!

Our Engineering teams are currently working on resolving this issue.

Thanks.

Hello, has this been fixed? We are experiencing this issue right now in our setup and it’s causing problems. Thanks!

Hi, same issue here. We are saving the id of auth0 in our DB after a signup. Our workaround is to basically ignore duplicate errors but we would like to throw exceptions if there are conflicts (in case the error comes from elsewhere)

@rueben.tiow could we have an update here please ?

Thanks,

Also experiencing this for the passwordless email flow. Is there any known workaround to dedupe these events in the execution context of the action (e.g. without relying on downstream consumers to dedupe it)?

We are also experiencing this bug. We use Passwordless authentication and are sending out a welcome email through Postmark in the Post User Registration action and it sends every time a user logs in.