Auto-login with Argon after register (complicated case)

franse · February 21, 2026, 8:56pm

Hello I need some insight here, maybe I'm missing something..

I was asked to create a register form in this format:

User complete a simple register form: Email and Password to api/login/register1
That stores something like:

mail : "micuenta12345678911@gmail.com",
password: "$argon2id$v=19$m=65536,t=3,p=4$WpPni4oqpwubEpeBNBboyQ$G1oRvRyet6VpBkBDrolKHCqu8YFbQk+hHq4D5qxiKBo"
token1:  "fab35721-0eaa-44da-9520-5694972bfd84"
token2: "awNc43Zmpk"

Now a second register page is opened with /finish_register/:token1/:token2

Then the user completes all the extra-info and it sends to: /api/login/register2
Let's say: birthday-date, username, token1, token2

After all is sent: with :token1 and :token2 I'm trying to make a query to auto-login the user but that won't work because it double hash it.

This register format is needed because the user must send some data that is not including with providers like google and facebook.

So, it's there a way to auto-login using this system?

Cheese · February 21, 2026, 11:06pm

Could you not use the available server Connect JWT Actions? Shouldn't be too difficult. Opus would probably throw it all together for you in about 60 seconds. We did something similar with registering new Users with Oauth but I can't find the Action to share it as for the life of me can't remember where we did it hahaha....

franse · February 22, 2026, 12:06am

Thanks @Cheese, used jwt for mobile and some server to server call and it's very simple to use..
But jwt doesn't give you the identity?
Same scenario, how can I login a user using his identity if password is hashed?
When I make the query, the password is already hashed..

Ended using this:

Disable hash verify on security provider.
Login using the query when needed.

On regular login:
Make a query from email, if exist:
Hash verify with password, else 401
If verify = true: login, else 401

Really tired but I think this is a correct way