User privacy vs login: how to verify username and email availability?

Hello,

As we are reviewing the security of our app, we’re a bit puzzled by the following situation:

  1. We want to maintain the privacy of users by preventing a user (logged in or not) from seeing the username and email of the other users.
  2. When logging in, we want to verify the input email and username are available (not already in use).

If we set the privacy to prevent users from accessing other users’ data, then it doesn’t seem possible to verify. Or is there a way we are not seeing?

Please advise.
Thanks

Use a backend workflow to check for username availability; it can bypass privacy rules.

2 Likes

Gotcha. But then we need a database object to return the result of that API call. At the moment the validation is done in the element’s conditions, so it’s a bit of a detour but it seems worth it.

You should not do any validations client-side. That’s the rule of thumb in your case.
Your backend workflow should respond with a validation result like true (available) or false (unavailable), exposing as little information as possible about registered accounts.

Inside the Backend Workflow API, you can use "Return Data from API", where you can add a parameter like YES/NO (depending on your case) and return it to the workflow which triggers the Backend Workflow API, and from the front-end workflow you can use RESULT OF that workflow.

Hope it makes sense.
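
The approach described in the replies above, as an added example that is not part of any post in this thread and is not Bubble's own API: a server-side check reads the private user data and returns only a yes/no to the caller. The function name, the sample users and the per-client limit are assumptions; the limit goes beyond what the thread discusses and is included because a yes/no answer can still be queried repeatedly.

```python
import time
import unicodedata

# Constructed sample data: stands in for the private user table that
# only server-side code is allowed to read.
_USERS = [
    {"username": "alice", "email": "alice@example.com"},
    {"username": "bob", "email": "bob@example.org"},
]

MAX_CHECKS = 5        # assumed limit per client per window
WINDOW_SECONDS = 60   # assumed window length
_recent = {}          # client id -> timestamps of recent checks


def _normalise(value):
    # Compare values the way sign-up would store them, so " Alice " and
    # "alice" count as the same name.
    return unicodedata.normalize("NFKC", value).strip().casefold()


def _allowed(client_id, now):
    # Sliding-window limit: cap how quickly one client can ask.
    hits = [t for t in _recent.get(client_id, []) if now - t < WINDOW_SECONDS]
    allowed = len(hits) < MAX_CHECKS
    if allowed:
        hits.append(now)
    _recent[client_id] = hits
    return allowed


def check_availability(client_id, field, value, now=None):
    """Return {"available": bool} or {"error": "rate_limited"}, nothing else."""
    now = time.monotonic() if now is None else now
    if field not in ("username", "email"):
        raise ValueError("field must be 'username' or 'email'")
    if not _allowed(client_id, now):
        return {"error": "rate_limited"}
    wanted = _normalise(value)
    taken = any(_normalise(u[field]) == wanted for u in _USERS)
    # Only the boolean leaves the server: no matching record, no id, no
    # hint about which account holds the value.
    return {"available": not taken}
```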

Good remark, I missed that.

1 Like

Thanks, API can be daunting but once you get it, it opens a world of limitless possibilities :slight_smile:

Does it? Amazing.

Sorry, I didn’t understand what you mean. :thinking: