Api.access.deny with pre-user-registration trigger

I added a trigger on pre-user-registration to deny registration for one application while still allowing it for others.

exports.onExecutePreUserRegistration = async (event, api) => {
  // deny signups on staging
  
  if (event.client?.client_id === '(redacted)') {
    api.validation.error('denied', 'Not allowed');
    api.access.deny('signup_denied', 'Signup not allowed');
  }
};

It does half of what I expected, and that is to block registration. The other half would be to show a message to the user. As you can see, I tried api.access.deny and api.validation.error. Neither one shows anything on the Universal Login form. Where might I have gone wrong here?

Hi @steve227,

Welcome to the Auth0 Community!

I have replicated the issue and tested the code you’ve provided.

The api.validation.error() method will display a message above the email input field to warn you that the credentials have not been validated.

Screenshot 2025-02-20 at 18.20.031420×544 49.3 KB

Screenshot 2025-02-20 at 18.21.37966×1192 55.8 KB

The api.access.deny() method will display the message on the password input field as if the password inputed is wrong.

Screenshot 2025-02-20 at 18.22.291478×536 50.2 KB

Screenshot 2025-02-20 at 18.22.431008×1674 98.4 KB

The reason it’s only doing half of what is expected of it is that the moment you call either function, the code execution stops. Only the first one will be executed.

Screenshot 2025-02-20 at 18.23.231390×488 47.4 KB

Screenshot 2025-02-20 at 18.23.30950×1672 95.8 KB

As for why it’s not showing any message on the Universal Login form, make sure no settings that would trigger the Classic Login Experience are turned on, such as Customize Login Page.

If you have any other questions feel free to ask.

Have a good one,
Vlad

Thanks for the quick reply. And thank you for the clarification that only one of the two messages can be used. As far as not showing any message, how can I be sure I haven’t made any changes that would trigger the Classic Login Experience. I can’t easily identify the difference between Classic and Universal. Does the following screenshot look like Universal?

image509×859 43.2 KB

If you go to your dashboard > Branding > Universal Login > Advanced options you should have Universal Login selected. All the other tabs need to have their customizability option turned off.

Screenshot 2025-02-21 at 14.46.392030×614 53.8 KB

If at least one of them is turned on the Classic Login Experience will be used instead.

If you have any customization that you might have applied there, you can use the tools the Universal Login Experience has to recreate them.

I checked through those settings. I do not have any customizations enabled. In any case, it is showing the error message now. Maybe there was a delay because of browser caching that caused it to not work for a long while.

Well this is interesting. It stopped working again.

image427×300 13.4 KB

Is this happening after you put in a valid password and proceed?

Well, maybe not. I guess I was too quick to assume the issue was with the hook code. I’ve become so accustomed to generating passwords with 1Password and not manually, that I never pay attention to the “Your password must contain” section. Sorry to trouble you.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.