Problem statement
This article explains why after converting Rules to Actions, there is 1 difference in Force Email Verification:
the value of "error" in the error response has been changed from "unauthorized" to "access_denied"
Symptoms
After converting the Force Email Verification Rule to Action, the result of the Action is as follows:
{
"error": "access_denied",
"error_description": "Please verify your email before logging in."
}
While the result of the Rule is:
{
"error": "unauthorized",
"error_description": "Please verify your email before logging in."
}
Cause
The api.access.deny function will always return an access_denied error code. There is no way to return a different error code.
Solution
A possible workaround would be to provide the error code as part of the message. One example is to encode the error code and actual error message into JSON and pass it as the message. The application can then decode the object and retrieve the code and message individually.