Problem statement
I have a business logic in Pre User Registration Action where I want to deny user registration based on condition. I see the action is triggered and the condition is passed, but Auth0 does not deny the registration. Instead, it is creating the user.
Here is the snippet of action; this IF block is getting executed, but api.access.deny does not work.
exports.onExecutePreUserRegistration = async (event, api) => {
//
// Some codes were omitted for brevity.
//
auth0.users.getByEmail( event.user.email, function ( err, users) {
if(users[0] == undefined){
api.access.deny("Email is not present in primary connection", "Email is not allowed to register");
}
}
}
Is there any limitation on this?
Solution
A code like the following prevented the signup from the pre-user registration action.
exports.onExecutePreUserRegistration = async (event, api) => {
api.access.deny('no_signups', "this should fail");
};
Calling api.access.deny API in the callback function or implementing a solution with promise using then has the same issue as the execution flow of the extension continues before the deny code is triggered.
Changing the code to use await and calling the api.access.deny API in the subsequent line in the code helps to block the signup.
For the sample code, the following helps to block the user;
exports.onExecutePreUserRegistration = async (event, api) => {
//
// Some codes were omitted for brevity.
//
var users = await auth0.users.getByEmail(event.user.email);
// Deny code is implemented in a subsequent line, and the execution of the pre-user registration
// hasn't been completed yet.
if(users[0] == undefined){
api.access.deny("Email is not present in primary connection", "Email is not allowed to register");
}
}