Authentication Error "No connections enabled for the organization"

Problem statement

Authentication is used for clients in the context of an organization. Enterprise connections are configured in a hub-and-spoke configuration to route the users to appropriate regional Auth0 tenants at the point of login. Authentication to an organization must be disabled in one use case: this is achieved by removing the connection from the organization.

Auth0 prevents authentication and returns a 200 HTTP status with the following error in the redirect URL:

  • No connections enabled for the organization*

Symptoms

Authentication results in this error message:

No connections enabled for the organization

Cause

This is the correct behaviour: the status code 200 is expected to be received from the callback URL.

When this happens, it means that Auth0 is able to reach an application’s callback and return the response from the Authentication flow.

  • If the Authentication is successful, Auth0 makes a GET request to the application’s callback and provides the Authorization code as the URL query parameter (if the Authorization Code Exchange flow is enabled).
  • If Authentication fails, we also make the GET request to the application’s callback URL and provides the error message in the query

Solution

This is the correct behavior. The status code 200 is expected to be received from the callback URL. To force the caller to receive a different HTTP status code. Follow the steps below:

  1. Parse the query parameters of the callback and handle the error this way. The error handling is already built-in if any of the Auth0 SDKs are in use.
  2. Alternatively, parse the query parameters at the callback and render the custom error template if the error and error_description parameters are returned to the callback instead of the code. For further information, refer to Customize Error Pages.

Related References