Require Accept Terms on Social Connections

If I want the user’s to accept terms when creating an account, there is that option with Lock for Username/password signup, but it seems with Social Connections such as Facebook, user’s can login with no regard to accepting the terms.

Is this just how it works or a bug? Kinda makes having “accept terms” and “facebook login” an impossibility unless I’m missing something.

The Lock acceptTerms feature is only available for database connections. You can achieve this functionality using Redirect Rules:


  1. User signs up with Facebook
  2. Rule checks for social, first time login → Redirects to your T&C acceptance page
  3. Upon acceptance on your page, you can call the /continue endpoint to complete the authentication flow and return to your application.

Your rule could look something like:

function (user, context, callback) {

  if (context.protocol === "redirect-callback") {
    // User was redirected to the /continue endpoint
    return callback(null, user, context);
  } else if(context.connection === 'facebook' && context.stats.loginsCount === 1){
    // User is facebook user, first time login
    // Redirect to T&C acceptance page
    context.redirect = {
      url: ""
    return callback(null, user, context);
  } else {
    //DB connection user, or Facebook user who has logged in before
    return callback(null, user, context); 

@prashant Hey Prashant, do you plan to add the feature “accept terms for social plugins” too?