I’m encountering an issue with our Auth0 integration, specifically with Google social login.
Here’s the problem:
When a user attempts to log in using Google (social login) with an email address that has not been invited to our application,
The login fails as expected, but
A welcome email is still being sent to that email address.
This behavior is undesirable as it’s sending welcome emails to users who haven’t successfully authenticated and aren’t actually able to access our application.
My questions are:
Is this a known issue?
If so, is there a fix available?
If not, can you advise on how to prevent these welcome emails from being sent for failed social login attempts?
Any assistance or guidance you can provide would be greatly appreciated.
I’m not trying to prevent it for some users; I’m trying to prevent it for NON-USERS (users who were never invited by my app).
Did I miss something?
If some Google user with the following email (who was never invited by my app, which is closed for signups btw): aaaaaaa@gmail.com
If he is just trying to log in, he will get the welcome email.
Are we talking about the same cases?
In case we are talking about the same thing, your link includes an implementation as a Rule, but I know that it is going to be EOL starting this November. Actually, my tenant is not allowing me to have Rules even today.
Is there any equivalent Action implementation?
Using the custom email handling, is there a way to reuse the same template and settings from my tenant?
Yes, that is correct. You would need to use a post-login Action.
Here is the converted script in a post-login Action for your convenience:
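exports.onExecutePostLogin = async (event, api) => {
  // node-fetch must be added as a dependency of the Action (v2, which supports require())
  const fetch = require('node-fetch');

  // Only continue if the user's email is verified and the welcome email has not been sent yet
  if (!event.user.email_verified || event.user.app_metadata.welcome_email_sent) {
    return;
  }

  // Leave event.secrets out of the request body so tokens are not forwarded to the API
  const { secrets, ...context } = event;

  try {
    const response = await fetch('https://yourapi.yourcompany.com/mail/welcome', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${event.secrets.MY_SECRET_TOKEN}`
      },
      body: JSON.stringify({
        user: event.user,
        context
      }),
      timeout: 5000
    });

    // fetch() does not reject on HTTP error statuses, so check the response explicitly
    if (!response.ok) {
      throw new Error(`Mail API responded with status ${response.status}`);
    }

    // Set the welcome email flag in app_metadata only after the API accepted the request
    api.user.setAppMetadata("welcome_email_sent", true);
  } catch (err) {
    console.error("Error sending welcome email:", err);
    throw new Error("Error sending welcome email");
  }
};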
Unfortunately, there isn’t a way to reuse the email templates configured on your tenant. However, you could leverage them to recreate similar templates in your external email provider.
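The gating asked about in this thread, as an added example that is not part of the original posts or Auth0's own code: it skips the welcome email for accounts the application never invited and keeps `event.secrets` out of the request body. It assumes the application marks invited users with a hypothetical `app_metadata.invited` flag; `welcomeEmailDecision`, `buildWelcomePayload`, `handlePostLogin` and the injected `sendMail` are illustrative names, and the sample events are constructed.

```javascript
// Added example, not code from the thread.
// ASSUMPTION: invited users carry app_metadata.invited === true (hypothetical flag
// set by the application when it creates the invitation).

// Decide whether the welcome email should go out, with the reason for a skip.
function welcomeEmailDecision(event) {
  const user = event.user || {};
  const meta = user.app_metadata || {};
  if (meta.invited !== true) return 'skip:not_invited';
  if (!user.email_verified) return 'skip:email_unverified';
  if (meta.welcome_email_sent) return 'skip:already_sent';
  return 'send';
}

// Request body for the mail API; event.secrets is removed so tokens are not forwarded.
function buildWelcomePayload(event) {
  const { secrets, ...context } = event;
  return { user: event.user, context };
}

// Post-login flow with the HTTP call injected as sendMail (hypothetical stand-in
// for the fetch() request), so the logic can be exercised without a tenant.
async function handlePostLogin(event, api, sendMail) {
  if (welcomeEmailDecision(event) !== 'send') return false;
  const response = await sendMail(buildWelcomePayload(event));
  if (!response.ok) {
    throw new Error(`Welcome mail API returned HTTP ${response.status}`);
  }
  // Only record the flag once the API has accepted the request.
  api.user.setAppMetadata('welcome_email_sent', true);
  return true;
}

// Constructed sample events (not real users).
const strangerFromGoogle = {
  user: { email: 'aaaaaaa@gmail.com', email_verified: true, app_metadata: {} },
  secrets: { MY_SECRET_TOKEN: 'constructed-token' },
};
const invitedFirstLogin = {
  user: { email: 'invited@example.com', email_verified: true, app_metadata: { invited: true } },
  secrets: { MY_SECRET_TOKEN: 'constructed-token' },
};
const invitedReturning = {
  user: { email: 'invited@example.com', email_verified: true,
          app_metadata: { invited: true, welcome_email_sent: true } },
  secrets: { MY_SECRET_TOKEN: 'constructed-token' },
};
```

In a deployed Action, `sendMail` would wrap the `fetch()` call and the handler would be exported as `exports.onExecutePostLogin`.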