PreRegistration Action is not triggered after a social login

yasin · November 7, 2021, 10:05am

Hi! This is Yasin.

I have a question. Currently, I am using Auth0’s superior Actions feature to sync my user registration and login flows with my Hasura backend that I use for my Flutter mobile and desktop apps. I am not going to blast here with bunch of code but only the required ones.

The above is valid for flows with user credentials (email, username, password) and works as intended. For a second method of sign in, I wanted to use social sign in methods (mainly google-oauth2 but others would be good to have).

I have managed to setup Auth0 and my Google Dev account to work together. I have managed to redirect from my Flutter desktop (MacOS) app to Safari browser page and sign in with an existing Google account of mine.

The Google sign in is accepted by Auth0 as intended. However, my Post Login Action doesn’t work. I am asking for what changes I can make it work with social logins too.

Pre Registration Action

When registering a new user with email, username, password, check if there is already a user with these email OR username on Hasura.
If not, it is okay to create a user on Hasura first. Then get the Hasura.user.id and api.user.setUserMetadata("hasuraUser", hasuraUser) on Auth0.
If there is already a user with these credentials on Hasura, registration must be denied. → api.access.deny("NOT_UNIQUE_CREDENTIALS", errorMessage);

Post Login Action:

Checks if my Hasura DB also has a user with credentials event.user.email OR event.user.username.
If a user found in Hasura, everything is okay. Get the Hasura.user.id and set custom claims accordingly. Allow login.
If no user found, this means even though Auth0 already accepted the login, I still can not accept it because there is a sync issue between Auth0 users and Hasura users. So the code simply does this → api.access.deny("NO_USER_FOUND_ON_HASURA")

.

What I Think the Problem Is

I think a social login flow happens like that.

→ “Hey, this is a valid social login with this email. Since it is a valid social login, I firstly created the user on Auth0 while login the user in but I didn’t trigger Pre Registration Action. So I know that you couldn’t create/sync that user on Hasura.”

Possible solution:

→ Option 1: Social login methods of Auth0 should trigger PreRegistration before login.
→ Option 2: After a social login, PostLogin action is triggered. I need to modify the action so that instead of denying the login, if it is a valid social login, I should accept it but at the same time,

create the user on Hasura,
Get the Hasura.user.id
Set user_metadata on Auth0,
Set custom claims with Hasura.user.id.

So what should I do?

Thanks a lot!

hsim · November 8, 2021, 1:01pm

Experiencing the same issue, creating an account with email + password triggers the “Pre User Registration” event. But when using google-oauth2, the event is not triggered.

rueben.tiow · November 8, 2021, 7:16pm

Hi @yasin,

Welcome to the Auth0 Community!

First, I’d like to clarify that when using Actions, the following Triggers will not work with Social Logins:

Pre-User Registration
Post-User Registration
Post-Change Password
Send Phone Message

The only Trigger that will work with SSO is the Post Login Action. Note that the Machine-to-Machine Action is irrelevant to user authentication.

With that said, I recommend that you follow option 2 to accomplish your desired result. I have seen your new Set User Metadata Is Not Working Inside Post Login Action post and will address how to use Actions to make this work.

Please let me know if there are any other related questions. I’d be happy to clarify.

Thank you.

yasin · November 9, 2021, 5:06pm

Hello @rueben.tiow,

Thank you for quick response. After carefully searching docs and external sources such as stackoverflow, I came to the same conclusion as you suggested me in your reply.

I have gone with the 2nd option and changed my action file accordingly since the only one that will be triggered is Post Login Action. However, as a newcomer to the Auth0 community, I found it is not that clear. Also, still thinking why Auth0 preferred it this way, not triggering Pre/Post Register.

By the way, if I can find some free time, I would like to write a comprehensive blog post about it, specialized on using these 3 in an architecture:

Flutter (mobile and desktop apps)
Auth0 (the central auth solution, email-password login as well as social providers)
Hasura (Postgres DB with GraphQL api)

Thank you so much for caring!

rueben.tiow · November 15, 2021, 8:51pm

Hi @yasin,

Thank you for your reply!

I’m glad to hear that chose to go with the 2nd option.

Yes please, that would be awesome and be a great source of knowledge for the overall community.

Please let me know if there’s anything else I can do to help.

Thank you.

system · November 30, 2021, 8:51pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.