Custom Signup

In some cases, you may want to customize the user sign up form with more fields other than email and password.

Using Lock

Lock 10 supports custom fields signup.

custom signup fields

Using the API

1. Create a Sign Up form to capture custom fields

<form id="signup">
    <legend>Sign up</legend>
      <input type="email" id="signup-email" placeholder="Email" required/>
      <input type="password" id="signup-password" placeholder="Password"
      <input type="text" id="name" placeholder="Full name" required/>
      <input type="text" id="color" placeholder="Favorite color"/>
    <input type="submit" value="Sign up"/>

NOTE: name and color are custom fields.

Custom field validation

There is currently no way to validate user-supplied custom fields when signing up. Validation must be done from an Auth0 Rule at login, or with custom logic in your application.

2. Send the Form Data

Send a POST request to the /dbconnections/signup endpoint in Auth0. You will need to send your ClientId, the email and password of the user being signed up, and the custom fields as part of user_metadata.

curl --request POST \
  --url 'https://${account.namespace}/dbconnections/signup' \
  --header 'content-type: application/json' \
  --data '{"client_id": "YOUR_CLIENT_ID","email": "$('\''#signup-email'\'').val()","password": "$('\''#signup-password'\'').val()","user_metadata": {"name": "john","color": "red"}}'
var client = new RestClient("https://${account.namespace}/dbconnections/signup");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main

import (

func main() {

	url := "https://${account.namespace}/dbconnections/signup"

	payload := strings.NewReader("{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("content-type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)


HttpResponse<String> response ="https://${account.namespace}/dbconnections/signup")
  .header("content-type", "application/json")
  .body("{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}")
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://${account.namespace}/dbconnections/signup",
  "method": "POST",
  "headers": {
    "content-type": "application/json"
  "processData": false,
  "data": "{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}"

$.ajax(settings).done(function (response) {
var request = require("request");

var options = { method: 'POST',
  url: 'https://${account.namespace}/dbconnections/signup',
  headers: { 'content-type': 'application/json' },
   { client_id: 'YOUR_CLIENT_ID',
     email: '$(\'#signup-email\').val()',
     password: '$(\'#signup-password\').val()',
     user_metadata: { name: 'john', color: 'red' } },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json" };
NSDictionary *parameters = @{ @"client_id": @"YOUR_CLIENT_ID",
                              @"email": @"$('#signup-email').val()",
                              @"password": @"$('#signup-password').val()",
                              @"user_metadata": @{ @"name": @"john", @"color": @"red" } };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://${account.namespace}/dbconnections/signup"]
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
[dataTask resume];
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://${account.namespace}/dbconnections/signup",
  CURLOPT_POSTFIELDS => "{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}",
    "content-type: application/json"

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
import http.client

conn = http.client.HTTPSConnection("")

payload = "{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}"

headers = { 'content-type': "application/json" }

conn.request("POST", "/${account.namespace}/dbconnections/signup", payload, headers)

res = conn.getresponse()
data =

require 'uri'
require 'net/http'

url = URI("https://${account.namespace}/dbconnections/signup")

http =, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request =
request["content-type"] = 'application/json'
request.body = "{\"client_id\": \"YOUR_CLIENT_ID\",\"email\": \"$('#signup-email').val()\",\"password\": \"$('#signup-password').val()\",\"user_metadata\": {\"name\": \"john\",\"color\": \"red\"}}"

response = http.request(request)
puts response.read_body
import Foundation

let headers = ["content-type": "application/json"]
let parameters = [
  "client_id": "YOUR_CLIENT_ID",
  "email": "$('#signup-email').val()",
  "password": "$('#signup-password').val()",
  "user_metadata": [
    "name": "john",
    "color": "red"

let postData = NSJSONSerialization.dataWithJSONObject(parameters, options: nil, error: nil)

var request = NSMutableURLRequest(URL: NSURL(string: "https://${account.namespace}/dbconnections/signup")!,
                                        cachePolicy: .UseProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.HTTPMethod = "POST"
request.allHTTPHeaderFields = headers
request.HTTPBody = postData

let session = NSURLSession.sharedSession()
let dataTask = session.dataTaskWithRequest(request, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  } else {
    let httpResponse = response as? NSHTTPURLResponse


Custom Fields Limitations

When your users sign up, the custom fields are sent as part of user_metadata. The limitations of this field are:

  • user_metadata must contain no more than 10 fields;
  • user_metadata.field must be a string;
  • user_metadata.field.value.length must be fewer than 500 characters;
  • user_metadata.field.length must be fewer than 100 characters.

Redirect mode

After a successful login, Auth0 will redirect the user to your configured callback URL with a JWT (id_token) in the query string.

NOTE To learn more about the differences between popup and redirect modes, please refer to this document.

window.auth0 = new Auth0({
  domain: 'YOUR_NAMESPACE',
  clientID: 'YOUR_CLIENT_ID',
  // Callback made to your server's callback endpoint
  callbackURL: 'https://YOUR_APP/callback',

Your server will then need to call APIv2 to add the necessary custom fields to the user's profile.

Add Username to Sign Up form

One common signup customization is to add a username to the signup.

To enable this feature, turn on the Requires Username setting on the Connections > Database section of the dashboard under the Settings tab for the connection you wish to edit.

Once this has been set, when a user is created manually in the Auth0 dashboard, the screen where users enter their information will prompt them for both an email and a username.

Similarly, the Lock widget in sign up mode will prompt for a username, email and password.

Then users can log in with Username and Password.

Optional: Verifying password strength

Password policies for database connections can be configured in the dashboard. For more information, see: Password Strength in Auth0 Database Connections.

The configured password policies, along with other connection information, can be retrieved publicly by accessing a JSONP file at the following URL:

This file can then be parsed client-side to find the current password policy configured in the dashboard. For an example, see: Custom signup with password policy.