Engaging your users and keeping them informed about the latest features you deploy is crucial for any successful online business. However, it's equally important to ensure your communication efforts comply with users’ right to privacy and regulations like GDPR.
Thankfully, if you're already using Auth0 for user authentication, you have a powerful tool at your disposal to streamline the process of obtaining consent for email communications.
In this article, we'll delve into how you can leverage Auth0's capabilities to seamlessly integrate GDPR-friendly newsletter sign-ups directly into your existing user registration or onboarding flows. We'll cover best practices for obtaining explicit consent using two different approaches. By the end, you'll have a streamlined system that not only grows your email list but also fosters trust and transparency with your users.
Method 1: Customize Signup and Login Prompts
Auth0's Universal Login feature provides a convenient way to add a newsletter sign-up option directly into your existing login or registration process. You can easily customize the Universal Login sign-up form to include an input checkbox for newsletter subscriptions.
When designing this checkbox, it's crucial to use clear and concise language that leaves no room for ambiguity. The checkbox should be unchecked by default, and the wording should explicitly state that the user is agreeing to receive marketing emails from your company.
Here's an example using Auth0 signup prompts for gathering consent:
Once the user submits the form, Auth0 can store their consent status as a custom field in their user profile. This allows you to easily track who has opted in to receive your newsletter and segment your audience accordingly.
The documentation provides great detail on how to customize signup and login prompts, so I won't be covering the steps here, but I'll share some of the code I used to set up the example above.
To add the new field to the signup form, I made the following call to the management api:
curl -L -X PUT 'https://{auth0-domain}/api/v2/prompts/signup/partials' \ -H 'Content-Type: application/json' \ -H 'Authorization: Bearer {access-token}' \ -d '{"signup":{"form-content-end":"<div class=\"ulp-field\"><input type=\"checkbox\" name=\"ulp-newsletter-consent\" id=\"newsletter-consent\"><label for=\"newsletter-consent\">I agree to receive information and commercial offers to my e-mail.</label></div>"}}'
Which will inject the following HTML after the login form.
<div class="ulp-field"> <input type="checkbox" name="ulp-newsletter-consent" id="newsletter-consent" /> <label for="newsletter-consent">I agree to receive information and commercial offers in my e-mail.</label> </div>
Then, I'm using Auth0 Actions to automatically sign up the user to my newsletter service. Here's the code for the action:
exports.onExecutePreUserRegistration = async (event, api) => { const consent = event.request.body['ulp-newsletter-consent']; if(consent) { api.user.setUserMetadata("newsletter_consent", consent); api.user.setUserMetadata("newsletter_consent_date", Date.now()); // Call the newsletter service API to subscribe the user await fetch(`https://newsletter-api.example.com/u/${event.user.email}`, { method: "POST" }) } };
You'll have to adapt the HTTP call to match your newsletter service API, or, what I prefer to do, is to add the email to a processing queue, which then triggers the newsletter subscription.
Key considerations for this approach:
- Integrated with Sign-Up Form: This method seamlessly blends the newsletter sign-up with the user's initial interaction.
- Social Login & Passkeys: Keep in mind that this approach won't work if your primary login methods are social logins (e.g., Google, Facebook) or passkeys.
- Custom Domain and Custom Page Template Required: To leverage this functionality, you'll need to have a custom domain set up for your Auth0 tenant.
Method 2: Using Auth0 Forms for Dedicated Consent Collection Step
If you need a more comprehensive consent collection solution or want to gather additional information beyond a simple yes/no for the newsletter, Auth0 Forms is the solution for you. This approach involves presenting users with a dedicated form during the authentication process, allowing for more detailed data collection and tailored consent options.
Auth0 Forms is a powerful visual editor that empowers you to create custom, dynamic forms that integrate seamlessly with your authentication flows. These forms can be, for example, used for:
- Progressive profiling: Collect user preferences, demographics, or any other data relevant to your business.
- Enforce Policies: Require users to accept updated terms and conditions or privacy policies before accessing your application.
- Customize Authentication Flows: Add steps to your login or sign-up processes, such as email or phone number verification, OTP, account linking, or consent collection.
- Trigger Custom Actions: Initiate backend processes or workflows based on user input.
How Can Auth0 Forms Be Used for Consent?
Auth0 Forms provide a flexible framework for obtaining and managing user consent in various scenarios:
- Newsletter Sign-Ups: Create a dedicated form with clear and concise language to request explicit consent for email communications.
- Terms and Conditions Acceptance: Present updated terms or policies to users and require their acceptance before continuing.
- Data Usage Consent: Seek permission for specific data processing activities, such as personalized advertising or data analytics.
- Granular Permissions: Offer users fine-grained control over their data by allowing them to choose which types of communication they want to receive.
Here's an example of a form that collects information about the user and asks for marketing consent the second time the user logs into the application.
Key considerations for this approach:
- Universal Compatibility: Auth0 Forms works seamlessly with all authentication methods, including social logins and passkeys, providing flexibility for your user base.
- Additional Step: Be aware that this method adds an extra step to the authentication flow, which, only for the purposes of asking consent, can potentially affect user experience. Consider balancing the need for comprehensive consent with the desire for a streamlined login process.
- Versatile Usage: Auth0 Forms aren't limited to just newsletter sign-ups. They can be used for a variety of scenarios, such as accepting terms and conditions, requesting permission for specific data usage, or collecting user preferences. This versatility makes Auth0 Forms a valuable tool for managing ongoing compliance and user engagement.
Best Practices for Obtaining Explicit Consent
To ensure your newsletter sign-up process is fully GDPR-compliant, there are several best practices you should follow. First and foremost, use clear and concise language on your sign-up forms. Avoid legalese or confusing terminology, and be upfront about what the user is signing up for.
Additionally, consider offering granular consent options. Instead of just one checkbox for all types of communication, you could provide separate checkboxes for newsletters, product updates, or other types of emails. This gives users more control over the emails they receive and can improve engagement rates.
Another effective strategy is implementing a double opt-in process. This means that after a user submits their email address, they receive a confirmation email with a link they must click to verify their subscription. This extra step helps ensure that the email address is valid and that the user genuinely wants to receive your newsletter.
Finally, it makes it easy for users to manage their communication preferences. Provide a clear link in your emails where users can update their subscriptions or unsubscribe altogether. This demonstrates respect for their privacy and can help prevent spam complaints.
Conclusion
By following the steps outlined in this article, you can seamlessly integrate GDPR-friendly newsletter sign-ups into your Auth0-powered website or application. This not only ensures compliance with data protection regulations but also builds trust with your users, leading to higher engagement and a more successful email marketing program.
Thanks for reading!
About the author
Juan Cruz Martinez
Staff Developer Advocate