Api.access.deny doesn't seem to return any value

Hi,

I have read a lot of different questions in here about api.access.deny, redirect and error messages but I still haven’t found an adequate answer yet. So below are my two questions to this topic.

1. General questions about “api.access.deny(‘reason’)” in the “onExecutePostLogin” flow

The documentation says the following:

api.access.deny(reason)

Mark the current login attempt as denied. This will prevent the end-user from completing the login flow. This will NOT cancel other user-related side effects (such as metadata changes) requested by this Action. The login flow will immediately stop following the completion of this action and no further Actions will be executed.

Parameter: reason
Description: A human-readable explanation for rejecting the login. This is sent as error_description to the application that initiated the request.

Questions:
What does mark actually mean under the hood?
Can I replicate this myself by setting some secret variable to true/false?
If I use api.redirect.sendUserTo(redirectToUrl); without using the api.access.deny method, will it have the same effect or do I need to do/set something else as well?

2. According to the documentation (see question 1) it says that the parameter is sent as an error_description to the application that initiated the request, however this doesn’t seem to happen.

I have a simple C# application and the following snippets of interest.

Program.cs → Config
image

HomeController.cs → Login

HomeController.cs → Denied (by setting the deny flag in the flow. Here I would expect to see the error_description)

Login flow inside Auth0

exports.onExecutePostLogin = async (event, api) => {
  api.access.deny('Some random reason to deny the request here');    
};

Question:
Do I need to change something in the C# configuration or set a flag in the Auth0 application to get the error message?