One of our users (initially), reported that he was getting the welcome email on every login.
Upon investigation from our side, we can see various sessions from this user on our front-end logs from our side, and we can also see on auth0 dashboard that the user has been updated on the latest login we see on our side, although his latest login on his metadata is the 1st login and the logins_count is only 1.
I post some of the user metadata that hopefully show that there is some sort of discrepancy on this user.
I created a test user and it seems to increment the value fine.
So not sure what has gone bad with that specific user, but it is a bit annoying on his part, cause he gets the welcome email on every login, and we’d like to avoid that happening for him as well as for other users.
After reviewing your Tenant Logs, I found only one occurrence of the user successfully logged in through a Successful Refresh Token exchange (sertftLog Event Type code).
Moreover, the Welcome Email is only triggered once the user has verified their email address. Based on the user’s profile, I can see that they have an unverified email address. Therefore, one workaround I can recommend is to set the user’s email address to “verified” to trigger the Welcome Email for the final time.
About the logged in occurrence, unfortunately it seems that we dont have more that 1 day’s worth of logs from our side, so I can not do the same search you did, but wondering wether you also checked for the login success event s.
From the above screenshot, noting when the user meta data were updated automatically by auth0, it’s quite obvious it is absolutely impossible for the user to have updated data 3 months later without him either refreshing constantly for 3 months (probably not the case, our system is usually visited less often), or just reloging. Obviously a token would not last for 3 months. So there must be an explanation there.
About the welcome email indeed that’s how it works on your side, but since email verification is not really necessary for use we do our own logic inside a post-login rule to send welcome email when logins_count===1 which is why it is triggered. Meaning also that the user went through the post-login flow triggered from auth0.
By searching our logs, we can see that the user went through the post-login rule at all these times.
Please let me know what are your thoughts on this.
As I already mentioned it is a rule not an action. That’s why you couldn’t find it.
In my opinion, duplicating a property that essentially counts the first login of the user is not the way to go.
Furthermore, and more importantly, as far as I can see this is an issue on your side, that can affect any tenant, since we have no special settings, and any of our users. Is the official stance of Auth0 that you won’t fix the bug and that we should not trust your internal properties and duplicate everything on our side?
The adadot-platform was the tenant I had been investigating throughout over conversation.
I have taken a second look at your Rules and only found the Link users Rule enabled. See below:
I also inspected all of your Rule and Action scripts both enabled and disabled and found nothing that would interfere with the user’s logins_count.
It may be worth disabling all Rules and Actions to see if the issues are originating from the extensibility flows. At least by deduction, we can start to narrow the origin of the issue.
Unfortunately, I have not seen any further reports regarding stale login counts and cannot visibly see any issues on your tenant. Not to mention, when we created a new user, their logins_count can increment. It may be worth forcing the user to log out (/v2/logout endpoint) and have them log in again to confirm the behavior. If possible, please capture a HAR file of the authentication events.
Lastly, I understand your frustration regarding this issue, but let me assure you that Auth0 will investigate these situations and evaluate if it is a bug, if so, we would backlog the item based on its priority and fix it accordingly.