Api.access.deny does not work for unferified email when use SAML integation

artembondar · May 3, 2024, 3:59pm

Hi

I use Auth0 with Learnworlds platform through SAML integration

I want to prevent users to log in without email verified.
I have added the Login authorization flow, how shared in this example: Force email verification using Actions

Unfortunately, this does not work for my Learnworlds website.
Other Angular application that has integration with Auth0 works, and login is prevented. But for Learnworld website integrated with SAML - user still able to log in

What could be the issue?

And one more thing… for Angular application, when access to login is denied, there is no error message displayed or something about why user not able to log in. So this is a confusing for the user, what the user should do next.

rueben.tiow · May 6, 2024, 7:40pm

Hi @artembondar,

I just checked your tenant settings and found that you have created the “Confirm Email is Verified” action script but did not bind it to the Post-Login flow.

Please attach the action to the flow and save your changes.

Once that’s done, your Action script should work correctly.

Keep me posted on how this goes for you.

Cheers,
Rueben

artembondar · May 7, 2024, 12:36am

Hi @rueben.tiow

Thank you for the response.
I have added this action to the Login flow, but it still does not work.

Feel free to go to my website, www.bondaracademy.com, create any random invalid email, and be able to sign up and log in without any issues.

Please let me know if you have any other questions.

Thank you!

rueben.tiow · May 8, 2024, 6:36pm

Hi @artembondar,

I have tested the signup on your website, as you asked, and noticed that it works as expected.

Cross-checking with your tenant logs, I was able to see the f Failed login event with the “Please verify your email before logging in” error message.

You can also use Real-time Webtask Logs Extension to see your logs in real-time and verify the behavior.

Could you try that just to confirm that it works?

Thanks,
Rueben

artembondar · May 8, 2024, 8:02pm

@rueben.tiow
I have tested it one more time and I see what happens…

So when the user signs up - Auth0 redirects back to the homepage.
If the user try to Log In and the email not verified - the user redirected to the homepage again as an unauthorized user.

Unfortunately, this functionality is very confusing for the user, because to the user it looks like Sign In functionality is just broken because no error message is displayed for example that “Need to verify email” or something. Auth0 just redirects the user back to the homepage

system · May 22, 2024, 8:03pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Avoid redirection when denying login with Actions Help auth0 , universal-login , actions	1	3403	January 8, 2024
Enforcing Email Verification with SAML Help classic-universal-login-experience , login-experience	0	29	September 4, 2024
Passwordless New Universal Login doesn't halt on Pre-registration Action api.access.deny Help login-experience , new-universal-login-experience	4	486	October 10, 2024
Verified Email flag Help	2	1523	December 21, 2022
Getting the message of "api.access.deny" from Auth0 js Help classic-universal-login-experience , login-experience	0	113	July 7, 2024

Api.access.deny does not work for unferified email when use SAML integation

Related Topics