I’m working on a Flow in our Auth0 tenants that has three Actions. The first action includes a conditional call to
api.access.deny. I expect when this deny call is made for the Flow to exit, as per the Auth0 action docs here: Actions Triggers: post-login - API Object
When the deny is triggered (which I can verify is happening because of the error message we receive back from Auth0) it does not exit the Flow but instead carries on and executes the next two Actions. This causes a corrupted state in our full auth flow that the user cannot escape from.
I’d like answers to the following questions:
- Is the documentation for
api.access.deny correct; that is
deny should exit the Flow at the end of that Action and not call subsequent Actions?
- Is there anything that can negate or cancel the behaviour of calling
deny in an Action?
- How should I exit a Flow from an Action if this is actually incorrect documentation?
Welcome to the Auth0 Community!
I understand that you have experienced issues with exiting the Post Login Action when using the
First, to address your questions:
Yes, this is correct and the expected behavior.
api.access.deny() method will exit the Action flow and show the error message to the user.
api.access.deny() is the correct method to exit a flow from an Action.
After testing this myself, I could not reproduce the same observations as you. Instead, I was able to exit the Action flow successfully. I checked this using the Real-time Webtask Logs extension with two additional Action scripts to print a message before and after the Deny Action script to verify the behavior.
In this situation, I would recommend using the Real-time Webtask Logs Extension to troubleshoot your Action scripts.
To add on, I have checked your Action scripts on your Tenant and can see the scripts you mentioned and see no visible issues with them. I would expect the Action to exit as usual when it reaches your conditional statements.
I hope this helps!
Please let me know how things go and if you have any further questions.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.