
How to require and store additional user profile data at first login?

Using Angular 2, how can I ask for mandatory profile information to be filled in when using external OAuth providers such as Google, with the authentication being processed through Auth0 or Firebase?

Let me explain my case: on my user profile, I need to have the email address of the user, and I need (for application purposes) the user to give me their birthday and the city they work in.

These two pieces of data, Birthday and City, may not be available in the Google Profile for example.

In the application we'll be using Firebase or Auth0 for authentication.

So, what I want to know is how it is possible to accomplish these steps of the scenario:

  1. The user clicks on login
  2. The user decides to use Google to log in via Firebase or Auth0
  3. I can easily retrieve user data in my database (Firebase)
  4. I have to check whether some user data is missing (first login or missing user data in the database)
  5. If data is missing, how do I block the user from doing anything before they have entered the required data, and redirect them to (or show them only) a form to enter this data?

Any simple example on how I can achieve that?

BlackHoleGalaxy asked Dec 04 '25 11:12


1 Answer

For the Auth0 scenario you can accomplish this by leveraging the rules functionality to customize the authentication pipeline of the user.

Rules allow you to easily customize and extend Auth0's capabilities. Rules can be chained together for modular coding and can be turned on and off individually.

More specifically, you can use a redirect-based rule to ensure that the user provides the necessary additional information in the cases where the original method of authentication is unable to provide or lacks said information.

Rules can also be used to programmatically redirect users before an authentication transaction is complete, allowing the implementation of custom authentication flows which require input on behalf of the user, such as:

  • Requiring users to provide additional verification when logging in from unknown locations.
  • Implementing custom verification mechanisms (e.g. proprietary multifactor authentication providers).
  • Forcing users to change passwords.

(emphasis is mine)

Your concrete scenario would be very similar to the first point mentioned: you would detect a specific situation (in your case, the user does not have birthday and city information available) and conditionally redirect the user to a form that would collect this information, which would then, upon submission, resume the authentication process.

Depending on the amount of data in question and/or specific data storage requirements you might have, you could either store the collected data as part of the Auth0 user profile, in what's referred to as user metadata, or use your own store.

Auth0 allows you to store metadata, or data related to each user that has not come from the identity provider. There are two kinds of metadata:

  • user_metadata: stores user attributes (such as user preferences) that do not impact a user's core functionality;
  • app_metadata: stores information (such as a user's support plan, security roles, or access control groups) that can impact a user's core functionality, such as how an application functions or what the user can access.

For guidance on the use cases for the Auth0 metadata storage, also check User Data Storage Guidance.

João Angelo answered Dec 06 '25 23:12
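
A redirect rule of the kind this answer describes could look like the following. This is an added example, not code from the answer or from Auth0; it is written as a named function so it runs outside Auth0 (in the dashboard the same body goes into the rule's anonymous `function (user, context, callback)`). The form URL, the `birthday` and `city` field names and the validation limits are assumptions; `auth0` is the global object the Rules runtime provides.

```javascript
// Added example. FORM_URL and the field names are hypothetical.
const FORM_URL = 'https://app.example.com/complete-profile';

// Values sent back to /continue arrive through the browser, so they are
// validated here and only ever written to user_metadata, never app_metadata.
function validateProfile(input) {
  const birthday = String((input && input.birthday) || '');
  const city = String((input && input.city) || '').trim();
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(birthday);
  if (!m) return null;
  const d = new Date(Date.UTC(+m[1], +m[2] - 1, +m[3]));
  const realDate = d.getUTCFullYear() === +m[1] &&
    d.getUTCMonth() === +m[2] - 1 && d.getUTCDate() === +m[3];
  if (!realDate || d.getTime() > Date.now()) return null;
  if (city.length < 1 || city.length > 100) return null;
  if (/[<>\u0000-\u001f]/.test(city)) return null;
  return { birthday, city };
}

function requireProfileRule(user, context, callback) {
  user.user_metadata = user.user_metadata || {};
  const meta = user.user_metadata;

  // Second pass: the form redirected the user back to /continue.
  if (context.protocol === 'redirect-callback') {
    const req = context.request || {};
    const profile = validateProfile(Object.assign({}, req.query, req.body));
    if (!profile) return callback(new Error('Invalid or missing profile data'));
    meta.birthday = profile.birthday;
    meta.city = profile.city;
    return auth0.users.updateUserMetadata(user.user_id, meta)
      .then(() => callback(null, user, context))
      .catch(callback);
  }

  // First pass: suspend the login until the required fields exist.
  if (!meta.birthday || !meta.city) {
    context.redirect = { url: FORM_URL };
  }
  return callback(null, user, context);
}
```
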
