Avoid redirection when denying login with Actions

I would need to have users verify their email address before logging in and otherwise deny access. This can easily be done with Actions or formerly Rules. In the case of an unverified email, api.access.deny(msg) is called. While for the registration flow this simply displays an error message within the Auth0 form, for the login flow it redirects the user to the destination page with the error passed in the url.

This is very impractical as we have applications that do not support handling the error information given by Auth0 at all and also it would require implementing error handling in every single application that uses Auth0 for authentication.

I therefore have two questions:

  • Can my use case of enforcing email verification without redirecting to the target app in case of login refusal be solved differently?
  • Is the design to redirect users to the target app in case of errors in the login flow intentional?

Edit: note, that my problem is basically the same as described in Show rule error in Universal Login - #10 by FDX where the last post states, that it’s currently not supported and should be solved with a custom error page. Unfortunately, we want to SSO into a service, where can’t adjust business logic, hence implementing a custom page is not possible.

5 Likes

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!