Last Updated: Aug 8, 2024
Overview
Admins implement an Action using the api.access.deny(reason) method and the error message is not shown on the Universal Login page but is passed on the Redirect URL instead.
Applies To
- Display the error on the Universal Login page.
- The error is returned in the callback URL.
Cause
Actions and Rules Custom Error Messages are expected to be passed on the Callback URL .
When using a method or function that returns an error message, Auth0 will send the error description to the application that initiated the request as part of the query string parameters present on the Callback URL. If the Application is not configured to receive and display the error descriptions, the user will be redirected to the Callback URL, but no error message will be shown.
NOTE: The Application must be prepared to receive these values and display them accordingly.
Steps to Reproduce
- Create a Post Login Action.
- Implement the api.access.deny(“Custom error message”) method.
exports.onExecutePostLogin = async (event, api) => { api.access.deny(“Not allowed to access this application”); };
- Save it and Add the Action to the flow.
- Initiate a Login flow and Authenticate using an existing user.
- Note the Custom Error Message being passed in the query parameters of the Redirect URL.
Solution
Configure the application to parse errors returned to the callback and display them to users.