> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> How to customize the user signup form with additional fields using Lock or the Auth0 API.

# Custom Signup using Lock or the Auth0 API.

You can customize the user signup form with more fields in addition to email and password when using Lock or the Auth0 API.

There are many factors to consider before you choose [Lock vs. Custom UI](/docs/customize/login-pages/classic-login/customize-with-lock-sdk). For example, using Lock, you can redirect to another page to capture data or use progressive profiling. When using the Auth0 API, you can capture custom fields and store them in a database. There are certain limitations to the customization that should be considered when choosing the method that best suits your purpose. Some typical customizations include adding a username and verifying password strength.

<Card title="Universal Login recommended">
  Auth0 offers a [Universal Login](/docs/authenticate/login/auth0-universal-login) option that you can use instead of designing your own custom login or signup pages, or using those that are embedded in any of the Auth0 libraries. If you want to offer signup and login options, and you only need to customize the application name, logo and background color, then Universal Login might be an easier option to implement.
</Card>

## Using Lock

Lock supports [custom fields signup](/docs/libraries/lock/lock-configuration).

Lock's `additionalSignUpFields` option will only work with database signups. For signups using social <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+providers">identity providers</Tooltip>, collecting these fields in the same manner is not possible with Lock, but there are two other options to allow social IDP signups with Lock while still collecting additional custom fields.

### Redirect to another page

One way to use social provider signups with Lock and collect custom fields is to use [redirect rules](/docs/customize/rules/redirect-users) to redirect the user to another page where you ask for extra information, and then redirect back to finish the authentication transaction.

### Progressive profiling

Another way to collect custom field data when signing users up with social providers is via [progressive profiling](/docs/manage-users/user-accounts/user-profiles/progressive-profiling) whereby you can slowly build up user profile data over time. You collect the bare minimum details upon signup, but when a user later interacts with your app, you collect a small amount of data (perhaps one question) each time until their profile is complete. This allows you to collect the desired information but with less friction, since the goal of using a social IDP for signup is making it more effortless and streamlined for the user.

## Using the API

### Create a signup form to capture custom fields

The `name` is a user profile attribute and `color` is a custom field.

There is currently no way to validate user-supplied custom fields when signing up. Validation must be done from an Auth0 [Rule](/docs/customize/rules) at login, or with custom, **server-side** logic in your application.

### Send the form data

Send a POST request to the [/dbconnections/signup](https://auth0.com/docs/api/authentication/reference#signup) endpoint in Auth0.

You will need to send:

* Your application's `client_id`
* The `email` and `password` of the user being signed up
* The name of the database `connection` to store your user's data
* Any user profile attribute you want to update for the user, which can include `given_name`, `family_name`, `name`, `nickname`, and `picture`.
* Any custom fields as part of `user_metadata`

## Custom fields limitations

When your users sign up, the custom fields are sent as part of `user_metadata`. The limitations of this field are:

* `user_metadata` must contain no more than 10 fields
* `user_metadata.field` must be a string
* `user_metadata.field.value.length` must be fewer than 500 characters
* `user_metadata.field.length` must be fewer than 100 characters
* The current size limit for `user_metadata` is **16 MB**

## Redirect mode

After a successful login, Auth0 will redirect the user to your configured callback URL with a <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JWT">JWT</Tooltip> (`id_token`) in the query string.

Your server will then need to call APIv2 to add the necessary custom fields to the user's profile.

## Add username to the signup form

One common signup customization is to add a username to the signup.

To enable this feature, turn on the **Requires Username** setting on the [Connections > Database](https://manage.auth0.com/#/connections/database/) section of the dashboard under the **Settings** tab for the connection you wish to edit.

Capture the `username` field in your custom form, and add the `username` to your request body.

## Optional: Verify password strength

Password policies for database connections can be configured in the dashboard. For more information, see: [Password Strength in Auth0 Database Connections](/docs/authenticate/database-connections/password-strength).

If required for implementation of custom signup forms, the configured password policies, along with other connection information, can be retrieved from the [Management v2 API](https://auth0.com/docs/api/management/v2#!/Connections/get_connections_by_id). The result can be parsed client-side, and will contain information about the current password policy (or policies) configured in the dashboard for that connection.