Sign-in causing a Sign-up (Google Auth)

bbelo · May 14, 2025, 5:50pm

I think there is a scenario under which a sign-in into the Softr app is causing a new user sign-up.

I just enabled Google external authentication.

Inadvertently, when signing in to my app, I provided the username/password of my Google account with the email (username) not matching that of my existing Softr app’s email username.

Guess what Softr did. It didn’t reject that sign-in. Instead, it let Google authenticate me (rightfully so), but then proceeded to spin up a new Softr app account and log me in under that account.

This doesn’t seem to be right. Under no circumstances should a sign-in cause a sign-up.
Sign-ups, for most apps, follow an intricate process. For our app, a sign-up fires up multiple automations that do intricate things within the app’s database to set things up for a user correctly and also reach out to external systems we integrate with to set things up there, as well.

Needless to say, this “sign-up” broke half way through, but did run far enough to create a legit user in the Softr app, in our Airtable user database, etc…

Even if it did run to completion successfully, it would still present a serious problem. Imagine… A user signs up manually with some username email. Then uses our app for a while. Then six months down the road decides to sign into our app again and at that point does not remember the password, so decides to sign in with the Google authentication, inadvertently providing a username email different than that of the username with which they originally signed up to the app with.

Softr proceeds to create a brand new user account for that user. The user is logged in, but sees none of their data, previous account settings/configurations, nothing. Not to mention, it incorrectly creates bogus accounts in the system, if left uncontrolled.

I’d love to hear from the community what the others think and what Softr team might suggest as a solution.

From my standpoint, I think a sign-in with an external provider auth should bounce the user out if the username email does not match that of the Softr app existing user’s email. Period. Full stop. And in no way should a sign-in attempt result in a successful sign-up.

austinyang · May 15, 2025, 8:00am

Hi there, this is the more common user experience for apps that have open signup — they typical prioritize new user signup conversion by not adding friction in case they land on sign-in instead of sign-up page.

But it’s indeed not ideal for the scenario you describe, we can bring this setting for you to decide which one you care more.

bbelo · May 15, 2025, 7:58pm

Thanks @austinyang

Yes, indeed, I’ve seen other apps do that - prioritize user sign-up when a new auth is detected. But in our case, we don’t even use the Softr sign-up form for the sign up, but instead use a form block hooked up to an automation that does a myriad of intricate things in our app that need to be done upon a “regulated” sign up - we reach out to a bunch of external integrated systems that our app communicates with to bind our new user to those systems. Long story short, an “unregulated” sign-up would cause more problems than it would solve.

If there was a way (maybe a toggle switch on the sign-in block) to control whether the Google auth would do an “unregulated” sign up if the username email isn’t matched to the one on record in Softr or would bounce out the attempted sign in without creating an “unregulated” sign up, that would be ideal. Or maybe some kind of custom tweak Softr can do on the back-end to achieve the same result.

Until then, I am afraid I would need to disable the Google auth in the sign-in form.

Looking forward to the solution.

Thank you