Register Username poping?

Community Support
1

[CRITICAL ISSUE] Deep Linking Opens “Register Username” Modal in WebView (RC 7.10.0)

We are running a self-hosted Rocket.Chat Community Edition v7.10.0 and are integrating an external application using deep linking via resumeToken in an Android WebView.

We are facing a critical issue where the authenticated user is unable to access the chat room because they are repeatedly shown the “Register username” modal upon login, preventing them from seeing the deep-linked room.

Problem Details:

  1. User Creation Flow: We create the user programmatically using the /api/v1/users.create endpoint.
    • The username we provide is simple (e.g., guest1).
  2. Login Flow: Immediately after user creation, we call /api/v1/login or /api/v1/users.createToken to generate a fresh resumeToken.
  3. Deep Link URL: We load the following URL in the WebView:
    http://[server-address]/direct/[ROOM_ID]?layout=embedded&resumeToken=[TOKEN]

Observed Behavior (The Failure):

  • The resumeToken successfully authenticates the user, confirming the token is active.
  • Instead of being directed to the DM room, the user is stuck on the “Register username” modal (as shown in the attached image).
  • The modal suggests a variant username like guest1-0.

Our Analysis:
It appears the user’s account is being created in a state that requires final username confirmation via the UI, even though a username was provided during the /api/v1/users.create call.

Questions for Support:

  1. What should be my actions to not get Register Username modal , as this is harmful for seamless user flow?
  2. What specific parameter must be included in the /api/v1/users.create call to fully provision a user and bypass the “Register username” modal when logging in via resumeToken? (if needed)
  3. Are there specific account settings (e.g., in Admin → Accounts) that need to be disabled to prevent this initial username confirmation step for API-created users in v7.10.0?
  4. Is this a known bug in v7.10.0 related to programmatic user creation?

Thank you for your assistance in resolving this integration blocker.

1000087665
10000876651080×2400 97.4 KB

2

Ok. First.

Information devs will require

Please remember this is open source. It might be “critical” for you, but it might not be for them.

So what users are actually created in Rocket? Status etc? Can you generally login with that user?

Have you checked you are up to date with current methods (things change…) eg:

Did this work on previous versions? Which ones?

A big more digging is required here.

1 Like
3

Also search github issue (both open & closed) for “iframe”.

There have been other incidents, though not necessarily related.

1 Like
4

"Thank you for the reply. I understand this is an open-source project and appreciate the support.

Regarding previous versions: This is a new implementation, so we do not have a working prior version for comparison.

Regarding SSO/Iframe: We are not using the full Iframe-Based SSO flow. We are programmatically creating the user and then using the standard resumeToken parameter to load an authenticated deep link.
Our Analysis (and Proposed Solution): Based on testing,

  • how the issue appears : we create user using users using /api/v1/users.create with role of guest ,then the user appear in the list, when we click on the user it logins using user ‘s username and password , generates token using /api/v1/login now we use this token to enter in the room(DM) with a host using [deeplink our server url]/direct/Wmi3KbN6Z896BLdz7YtED8E65WniZPJ4K2?layout=embedded&resumeToken=[token from login]
  • Our guess: it maybe due to login of different user from same browser or device.
    below is the attached video for issue reference.
  • images below shows listing of users, on clicking which we enter the chat as the user we clicked

collage
collage4000×3000 500 KB

5

Probably worth testing this with different browsers?

Never guess. Always test.

6

  • In our android app we were using webview (a component used to load URL ) like iframe for websites

  • we are getting such issue of popup of Register Username even though the user is already created

  • I need a help - As there maybe a way why this popup is triggered and a way to disable this popup ?

  • If you provide anything working, it will be helpful

7

A quick question:
If I hide an option using css in administration, can someone access it using dev tools and click it?

8

Have you actually tested?

Probably the best way to find out.