Hello,
We have encountered an issue where the error_description query string parameter is no longer being included in the callback URL for our application when we deny a user login inside a Post Login Action. This previously worked fine for several months now, but in the last few days, we have realised we are no longer receiving the error_description from Auth0.
What is happening?
- User registers an account.
- Auth0 sends a verification email to the user.
- User does NOT click the verification link, and instead logs in without verifying their email.
- Our Post Login Action denies the login, e.g. `api.access.deny(reason)`, where the `reason` is formatted like: `UNVERIFIED_EMAIL:josh.cole%2Bdec23j%40example.com`.
- Auth0 sends the user to our callback URL: `https://example.com/auth-error?error=access_denied&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vbmV0d29yay1zdGFnaW5nLmVsbGVubWFjYXJ0aHVyZm91bmRhdGlvbi5vcmcvIn0`
- The `error` parameter is correctly set to “access_denied” in the callback URL, but the `error_description` parameter is missing.
- Our app shows the user a generic error message instead of “please verify your email address”, because the `error_description` is missing.
What did we expect to happen?
- Both the `error` and `error_description` parameters are included in the callback URL.
- Our app is able to determine the correct error message to show the user, e.g. “please verify your email address”.
Are we doing something wrong here, or has the behaviour of Auth0 Actions changed?
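
An added example, not part of the original post and not Auth0 code: one way a callback handler can read `error` and `error_description`, fall back to a generic message when the description is absent, and map the `UNVERIFIED_EMAIL:<encoded email>` format to a fixed message instead of echoing the parameter. The function name, messages and sample URLs are assumptions constructed for illustration.

```javascript
// Hypothetical callback-side parser (added example; names are assumptions).
// Only allowlisted reason codes select a message; the raw description is never
// shown, because anyone who crafts a link controls the callback query string.
const KNOWN_REASONS = {
  UNVERIFIED_EMAIL: "Please verify your email address.",
};
const GENERIC_MESSAGE = "Sign-in failed. Please try again.";

function parseAuthError(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get("error");
  if (!error) return null; // not an error callback

  const result = { error, code: null, email: null, message: GENERIC_MESSAGE };
  const description = params.get("error_description");
  // The case from the post: error is present, error_description is missing.
  if (error !== "access_denied" || !description) return result;

  const sep = description.indexOf(":");
  const code = sep === -1 ? description : description.slice(0, sep);
  if (!Object.prototype.hasOwnProperty.call(KNOWN_REASONS, code)) return result;
  result.code = code;
  result.message = KNOWN_REASONS[code];

  if (sep !== -1) {
    try {
      // The reason embeds an already percent-encoded email, so it needs a
      // second decode after URLSearchParams has decoded the query string once.
      const email = decodeURIComponent(description.slice(sep + 1));
      if (/^[^\s@<>"']+@[^\s@<>"']+$/.test(email)) result.email = email;
    } catch {
      // Malformed percent-encoding: keep the message, drop the email.
    }
  }
  return result;
}

// Constructed sample callbacks (state value is a placeholder).
const BASE = "https://example.com/auth-error?error=access_denied&state=STATE_PLACEHOLDER";
const WITH_DESCRIPTION =
  BASE + "&error_description=UNVERIFIED_EMAIL%3Ajosh.cole%252Bdec23j%2540example.com";
const UNKNOWN_REASON = BASE + "&error_description=%3Cb%3Ehello%3C%2Fb%3E";

console.log(parseAuthError(BASE).message);
console.log(parseAuthError(WITH_DESCRIPTION));
```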