User logins_count not increment

j.spiliot · December 20, 2022, 10:54am

Hi,

One of our users (initially), reported that he was getting the welcome email on every login.

Upon investigation from our side, we can see various sessions from this user on our front-end logs from our side, and we can also see on auth0 dashboard that the user has been updated on the latest login we see on our side, although his latest login on his metadata is the 1st login and the logins_count is only 1.

I post some of the user metadata that hopefully show that there is some sort of discrepancy on this user.

We think it might be a more widespread issue at least on our tenant, as we see other users as well that seem to have the same issue, but we don’t see any errors on our side.

Could you please investigate on whether this is an issue on your side?

Thanks!

rueben.tiow · December 20, 2022, 6:48pm

Hi @j.spiliot,

Thanks for reaching out to the Auth0 Community!

I understand you are observing issues with your end-users login count not incrementing.

After my investigation, I did not find any settings on your tenant that would contribute to the user’s login count not incrementing.

I can see in the logs that the user could successfully log in.

In this case, I recommend creating a new test user and try logging in and out a few times to see if the login count increments.

Please let me know about your findings.

Thanks,
Rueben

j.spiliot · December 21, 2022, 11:27am

Hi @rueben.tiow,

I created a test user and it seems to increment the value fine.

So not sure what has gone bad with that specific user, but it is a bit annoying on his part, cause he gets the welcome email on every login, and we’d like to avoid that happening for him as well as for other users.

Thanks,
Jason

matthieu.poupinet · December 21, 2022, 4:16pm

Hi @rueben.tiow,

I’ve just noticed a similar issue on my side. For previous users there was no problem, but a new user today stayed with the “logins_count” at 1 (retriggering an action in one of our flows).

In the logs, no error seems to appear.

Is it a coincidence that it happened almost at the same moment the @j.spiliot ?

We faced the problem while connecting the the react-native-auth0 library

Thanks

rueben.tiow · December 22, 2022, 2:22am

fHi @j.spiliot,

Thank you for your response and update.

After reviewing your Tenant Logs, I found only one occurrence of the user successfully logged in through a Successful Refresh Token exchange (sertft Log Event Type code).

Moreover, the Welcome Email is only triggered once the user has verified their email address. Based on the user’s profile, I can see that they have an unverified email address. Therefore, one workaround I can recommend is to set the user’s email address to “verified” to trigger the Welcome Email for the final time.

Lastly, I recommend reading our How Logins count Attribute works FAQ which explains how the logins_count work.

I hope this has been helpful!

Please let me know how this works for you.

Thanks,
Rueben

j.spiliot · December 22, 2022, 10:34am

Hi @rueben.tiow,

Thank you for investigating the issue.

About the logged in occurrence, unfortunately it seems that we dont have more that 1 day’s worth of logs from our side, so I can not do the same search you did, but wondering wether you also checked for the login success event s.

From the above screenshot, noting when the user meta data were updated automatically by auth0, it’s quite obvious it is absolutely impossible for the user to have updated data 3 months later without him either refreshing constantly for 3 months (probably not the case, our system is usually visited less often), or just reloging. Obviously a token would not last for 3 months. So there must be an explanation there.

About the welcome email indeed that’s how it works on your side, but since email verification is not really necessary for use we do our own logic inside a post-login rule to send welcome email when logins_count===1 which is why it is triggered. Meaning also that the user went through the post-login flow triggered from auth0.

By searching our logs, we can see that the user went through the post-login rule at all these times.

Please let me know what are your thoughts on this.

Thanks,
Jason

rueben.tiow · December 24, 2022, 12:26am

Hi @j.spiliot,

Thank you for your update.

I have taken another look at your tenants and did not find any Post-Login Rule/Action deployed and bound to the Post-Login flow.

Nonetheless, as a workaround, I recommend using a user_metadata value as your conditional check instead of the logins_count property for your custom logic. For example:

exports.onExecutePostLogin = async (event, api) => {
  if(!event.user.user_metadata.welcomeEmailSent){ 
    //Send Welcome Email Code Here
    api.user.setUserMetadata("welcomeEmailSent", true)
  }
};

This way, each time a new user logs in for the first time, they will get only one Welcome Email sent to them.

Thanks,
Rueben

j.spiliot · December 27, 2022, 11:15am

Hi @rueben.tiow,

As I already mentioned it is a rule not an action. That’s why you couldn’t find it.

rueben.tiow:

Nonetheless, as a workaround, I recommend using a user_metadata value as your conditional check instead of the logins_count property for your custom logic. For example:
exports.onExecutePostLogin = async (event, api) => {
  if(!event.user.user_metadata.welcomeEmailSent){ 
    //Send Welcome Email Code Here
    api.user.setUserMetadata("welcomeEmailSent", true)
  }
};
This way, each time a new user logs in for the first time, they will get only one Welcome Email sent to them.

In my opinion, duplicating a property that essentially counts the first login of the user is not the way to go.

Furthermore, and more importantly, as far as I can see this is an issue on your side, that can affect any tenant, since we have no special settings, and any of our users. Is the official stance of Auth0 that you won’t fix the bug and that we should not trust your internal properties and duplicate everything on our side?

Thanks,
Jason

j.spiliot · December 27, 2022, 11:20am

Checked again, the rule is definitely there, enabled and it works as intended as we see in the logs.

rueben.tiow · January 3, 2023, 4:55pm

Hi @j.spiliot,

Could you please DM your tenant name?

Perhaps we are not looking at the same tenant since your observations do not match mine.

Thanks,
Rueben

j.spiliot · January 9, 2023, 10:23am

Hi @rueben.tiow ,

The tenant name is adadot-platform

Thanks,
Jason

rueben.tiow · January 10, 2023, 5:49pm

Hi @j.spiliot,

Thanks for the reply and clarification.

The adadot-platform was the tenant I had been investigating throughout over conversation.

I have taken a second look at your Rules and only found the Link users Rule enabled. See below:

I also inspected all of your Rule and Action scripts both enabled and disabled and found nothing that would interfere with the user’s logins_count.

It may be worth disabling all Rules and Actions to see if the issues are originating from the extensibility flows. At least by deduction, we can start to narrow the origin of the issue.

Unfortunately, I have not seen any further reports regarding stale login counts and cannot visibly see any issues on your tenant. Not to mention, when we created a new user, their logins_count can increment. It may be worth forcing the user to log out (/v2/logout endpoint) and have them log in again to confirm the behavior. If possible, please capture a HAR file of the authentication events.

Lastly, I understand your frustration regarding this issue, but let me assure you that Auth0 will investigate these situations and evaluate if it is a bug, if so, we would backlog the item based on its priority and fix it accordingly.

Thanks,
Rueben