Unfortunately, rules run after authentication, and so redirecting back to the login page would go against the natural flow. When the UnauthorizedError is thrown in your rule, the user will be redirected to your app with the error message as a URL query string parameter.