User forced to login right after sign-up

Hi, I’m using the Universal login for both sign up and log in.

After the user signs up and creates an account, when the page refreshes (and we attempt to get a token), the user is immediately redirected to a login page and needs to log in. Once the log in is completed, the user than can use the application normally.

Note that the user is (sort of) signed in after sign up as we do get a valid authentication token, but this doesn’t seem to “stick” after a browser refresh.

How can I stop this from happening?

Hi @gampleman,

Welcome to the Auth0 Community!

If you are using the Classic Universal Login, you can specify the loginAfterSignUp: false in your custom HTML code. (Reference: How to disable auto signin after signup)

If you are using the New Universal Login experience, you won’t be able to skip the automatic login behavior after signing up.

Another option you could try is using the Authentication API’s create a new user endpoint to create the user without automatically logging them in. In this scenario, the user must log in after signing up by themselves to use the application.

Thanks,
Rueben

Hi, I actually do want the user to be logged in after signup but it isn’t happening. I am using the new universal login experience.

Hi @gampleman,

Thanks for the clarification.

By default, when new users sign up with the new universal login experience, they are automatically logged in and redirected to the app’s callback URL.

Can you clarify how are the users registering to your app?

We do something like this:


import {
  createAuth0Client,
  type Auth0Client,
  type Auth0ClientOptions,
} from "@auth0/auth0-spa-js";

const config: Auth0ClientOptions = {
    clientId: import.meta.env.VITE_AUTH0_CLIENT_ID,
    domain: import.meta.env.VITE_AUTH0_DOMAIN,
    authorizationParams: {
      redirect_uri:  window.location.origin,
      audience: import.meta.env.VITE_AUTH0_AUDIENCE,
    },
  };

  const client = await createAuth0Client(config);

  const isAuthenticated = await client.isAuthenticated();

  if (isAuthenticated) {
    const user = await getUser(client);
    return {
      user,
      client,
    };
  }


  const params = new URLSearchParams(window.location.search);

  if (!params.get("code") || !params.get("state")) {
    client.loginWithRedirect({
      authorizationParams: { screen_hint: "signup" },
      appState: {
        path: `${window.location.pathname}${window.location.search}`,
      },
    });
    return null;
  }

  const { appState } = await client.handleRedirectCallback();

  const user = await getUser(client);

This is set up with the new universal login experience.

We do have some actions that run in Auth0 that display some forms, one for getting the users first and last name and org name. And another one to force email verification using an OTP code.

Everything else seems fairly standard. Is there anything in particular that can help?

Hi @rueben.tiow, anything else I can add? Or something to try?

Hi @gampleman,

Thank you for your responses.

I have looked over your code, and everything looks good. It calls the loginWithRedirect() function and sends it to the sign-up page.

I have also looked at your tenant and confirmed that you are using the New Universal Login experience and that your action scripts look fine. So far, I haven’t found anything that could cause the user not to log in immediately after signing up. By default, the New Universal Login auto-login behavior happens naturally and, as far as I know, there is no way to disable it.

Have you checked your network activity during the sign-up flow to ensure that it redirects you to the callback URL?

Thanks,
Rueben