Api.access.deny with pre-user-registration trigger

steve227 · February 20, 2025, 8:01am

I added a trigger on pre-user-registration to deny registration for one application while still allowing it for others.

exports.onExecutePreUserRegistration = async (event, api) => {
  // deny signups on staging
  
  if (event.client?.client_id === '(redacted)') {
    api.validation.error('denied', 'Not allowed');
    api.access.deny('signup_denied', 'Signup not allowed');
  }
};

It does half of what I expected, and that is to block registration. The other half would be to show a message to the user. As you can see, I tried api.access.deny and api.validation.error. Neither one shows anything on the Universal Login form. Where might I have gone wrong here?

vlad.murarasu · February 20, 2025, 5:21pm

Hi @steve227,

Welcome to the Auth0 Community!

I have replicated the issue and tested the code you’ve provided.

The api.validation.error() method will display a message above the email input field to warn you that the credentials have not been validated.

The api.access.deny() method will display the message on the password input field as if the password inputed is wrong.

The reason it’s only doing half of what is expected of it is that the moment you call either function, the code execution stops. Only the first one will be executed.

As for why it’s not showing any message on the Universal Login form, make sure no settings that would trigger the Classic Login Experience are turned on, such as Customize Login Page.

If you have any other questions feel free to ask.

Have a good one,
Vlad

steve227 · February 21, 2025, 12:40am

Thanks for the quick reply. And thank you for the clarification that only one of the two messages can be used. As far as not showing any message, how can I be sure I haven’t made any changes that would trigger the Classic Login Experience. I can’t easily identify the difference between Classic and Universal. Does the following screenshot look like Universal?

vlad.murarasu · February 21, 2025, 1:19pm

If you go to your dashboard > Branding > Universal Login > Advanced options you should have Universal Login selected. All the other tabs need to have their customizability option turned off.

If at least one of them is turned on the Classic Login Experience will be used instead.

If you have any customization that you might have applied there, you can use the tools the Universal Login Experience has to recreate them.

Topic		Replies	Views
Password Validation Message Shows on event.api.deny Help validation , pre-user-registratio , user_registration	2	3234	April 7, 2022
Use Pre-User Registration Action to Modify Error Message on Sign-up with Existing Email Knowledge Articles api-validation-error , email-conflict	1	92	July 11, 2024
Pre-Registration Action calls api.access.deny, how to show specific message in Universal Login Help management-api , users	5	4185	November 29, 2022
Improve error logic denying registration Product Feedback	0	283	February 12, 2024
Issue with the Passkey-Enrollment Screen when api.access.deny() is Called Knowledge Articles api , enrollment , passkey	1	23	August 12, 2024

Api.access.deny with pre-user-registration trigger

Related topics