I’m working in implementing option 1 for tracking consent on this GPDR reference page: GDPR: Track Consent with Lock
On sign-up, the library correctly enforces that a user checks the checkbox to consent to the terms before allowing them to use the social or database signup link.
On log-in, a user could sign-up by clicking on the social login page, without having to check any box to indicate consent. When I check the metadata for a new user who “logged-in” by clicking on the social (Google) login, they have the metadata indicating consent was given, even though they never checked the box.
Is there anything I can do to enforce that new users who try to login with the Google auth button are forced to actually use the “sign-up” page that has the consent checkbox?