Unable to Generate a “User doesn’t exist” Message During Login

Problem statement

When a user attempts a login, some administrators may also prefer to display a “User doesn’t exist ” message to the end user if they have chosen to disable the “Use a generic response in public signup API error message” option for signups.

Solution

Auth0 does not support returning a "User doesn’t exist " error for login to display for the user. Not returning this type of generic response helps protect against user registration enumeration by preventing bad actors from being able to guess previously registered email addresses or usernames from reading error response codes, such as user_exists . The signup API supports this with the Advanced Tenant setting “Use a generic response in public signup API error message” only to maintain backward compatibility with the legacy behavior.

Related References