@dan.woda Maybe not? 
Just fixed my rule to this:
function (user, context, callback) {
var request = require("request");
var count = context.stats && context.stats.loginsCount ? context.stats.loginsCount : 0;
// Debug
console.log(`${context.request.ip} signing in, lc=${count}`);
// Add log in count to JWT
context.accessToken['https://<namespace>/loginCount'] = count;
// Exit fast if not first login
if (count > 0) {
return callback(null, user, context);
}
/**
* Add default role to new users on first log in
**/
var headers = {
'Authorization': 'Bearer ' + auth0.accessToken,
};
const data = {
"roles": [
"role_id"
]
};
request.post({
url: `https://${auth0.domain}/api/v2/users/${user.user_id}/roles`,
headers: headers,
json: data
}, (err, response, body) => {
return callback(new Error("Can not update users with role"));
});
callback(null, user, context);
}
I also installed real time logs for the debug line near the top:
12:04:55 PM: new webtask request
12:04:55 PM: XXX.XXX.XXX.XXX signing in, lc=1
12:04:55 PM: finished webtask request
I used a brand new user. I donāt have verification required before log in ā sign up logs the user in.
Regardless, it was not 0 at first log in; it was 1. Iāll need to figure out which one it is and when (maybe itās 0 when email verification is required? Iāll check.)
EDIT: Nevermind. I forgot that requiring email verification is a rules-based task with auth0. I donāt think that will change much.