api.access.deny and api.redirect.sendUserTo looping after call in login Action

Problem Statement

We added a “Sign In with Google” feature to our application and enabled our social connection. Everything is working as expected except for error handling. Our application requires an email invitation, so we created a custom login Action that checks whether the email you sign in with through Google has been invited and raises an error if the email associated with the Google account hasn’t been invited to our application. In this case, we would like to deny access and redirect to our login page. However, the URL loops while changing state. This behavior happens whether we use api.access.deny, api.redirect.sendUserTo, or both.
We use the ‘@auth0/auth0-react’ package on our front end and the New Universal Login.

Symptom

When users attempt to log in with a Google social connection, authentication with Google succeeds, but the Action pipeline then runs and causes a redirect loop. Each pass through the loop redirects to the callback endpoint with the error message configured in the Action.

Solution

Before sending the user back to the application’s login endpoint, first make a federated logout call to Google so that the user can go through the login flow again, which breaks the loop. In the Action, call the federated logout first, then use the returnTo parameter to redirect the user to either the login page or a custom error page, depending on your business needs.
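The flow above written as a post-login Action; this is an added example, not code from the original post or from Auth0. The `INVITED_EMAILS` and `LOGIN_PAGE_URL` secrets, the `isInvited` helper and the `not_invited` error value are assumptions, and the example additionally refuses emails that are not marked verified.

```javascript
// Added example, not Auth0's or the poster's code.
// Assumptions: INVITED_EMAILS (comma-separated) and LOGIN_PAGE_URL are
// hypothetical Action secrets; LOGIN_PAGE_URL must be listed in the
// application's Allowed Logout URLs or Auth0 will refuse the returnTo value.

// Build the Auth0 /v2/logout URL; "federated" also ends the upstream IdP session.
function buildFederatedLogoutUrl(tenantHost, clientId, returnTo) {
  return (
    `https://${tenantHost}/v2/logout?federated` +
    `&client_id=${encodeURIComponent(clientId)}` +
    `&returnTo=${encodeURIComponent(returnTo)}`
  );
}

// Hypothetical invitation check: case-insensitive match against an allow-list.
function isInvited(email, invitedCsv) {
  if (!email) return false;
  const invited = (invitedCsv || "")
    .split(",")
    .map((e) => e.trim().toLowerCase())
    .filter(Boolean);
  return invited.includes(email.trim().toLowerCase());
}

const onExecutePostLogin = async (event, api) => {
  // Treat an unverified email as absent so it can never match an invitation.
  const email = event.user.email_verified ? event.user.email : undefined;
  if (isInvited(email, event.secrets.INVITED_EMAILS)) return;

  // Tell the login page why the user landed there (constructed error value).
  const returnTo = new URL(event.secrets.LOGIN_PAGE_URL);
  returnTo.searchParams.set("error", "not_invited");

  // Federated logout first, then returnTo sends the user to the login page.
  api.redirect.sendUserTo(
    buildFederatedLogoutUrl(
      event.request.hostname,
      event.client.client_id,
      returnTo.toString()
    )
  );
};

// Auth0 Actions load the handler from the CommonJS exports object.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```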
