Api.access.deny() message in not a part of redirect URL

I am trying to enforce user to verify email before being able to sign in to application, but not very successful.

I was fillowing this OktaDev YouTube video: https://www.youtube.com/watch?v=VM49mPTLsv0
But I was not able to get the same result.
On the video, if user try to log in to application and email is not confirmed, there is an error message displayed on the screen. Also there are “error” and “error_description” parameters are part of the calback URL.

When I tried to implement the same thing, my callback URL does not have “error” and “error_description” as well as error message is not displayed on the screen. The page just make a refresh to the same login screen again.

Also I have tried to use this action from the marketplace: https://marketplace.auth0.com/integrations/auth-0-require-email-verification
But got the same result.

Is it a bug?

Hi @artembondar,

Thanks for reaching out to the Auth0 Community!

It looks like you have installed the Require Email Verification action but did not add it to your Post-Login action flow.

In this case, you will need to attach the Action script to the flow. Please refer to the Attach the Action to a flow documentation for more information.



Thank you for your response.
I have added to my Post-Login action flow.

And here is how my callback URL looks like. I am just redirected back to the login screen again, without an expected error message:

Cound anyone else from the community provide any other suggestion please? :slightly_frowning_face:

Hi @artembondar,

Thanks for your replies.

I have just rechecked your Post Login action flow and still see that your Require Email Verification action is still not attached to the flow.

Please make sure your apply your changes once you have attached the action to the flow.

Could you give it a try and let me know how it goes?


Hi @rueben.tiow Thank you for getting back!

You don’t see it attached in my flow because I have removed it. I have removed because it does not work the way I expect.

The way it works, when I activate in the workflow, is page just make a refresh back to a login screen when user try to login (if email not verified). No error massage whatsoever on what happened. In my initial post I have referred to YouTube video which shows, that error message is displayed. Also this error message included into the callback URL.
In my example - non of this happens. Screen just make a refresh.
Try it! I am sure you will see the same behavior.

I can make a sreen recording if the provided description is not enough. Please let me know.

1 Like

Hi @artembondar,

Thanks for the update and clarification.

I noticed that you are using the built-in ‘Require Email Verification’ action, and you have not been able to prevent unverified email users from logging in.

As a test, could you create a custom Post-Login Action and deny users from logging in if their emails are unverified?

Here is the sample code:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);

Thank you for getting back to me and trying to help :slight_smile:

He honest, the solution that you adivice was the very first thing that I have created. I made my own custom action, and when I realized that it does not work, I have made more research and found the YouTube video with an Action from marketplace which works (or does not work) exactly the same way as my custom action.

So, I have tried everything I could. This functionality - simply does not work for me.

If you have a chance or time, I would be happy to share a screen with you and privatly send you a video recording if you can take a look, that described functionality does not work. And I don’t know why. Is it only me or it’s for everybody.