Custom 'Incorrect Password' error

Does the Auth0 system provide any extensibility point for handling a “Failed Login (Incorrect Password)” event?

When the client fails to login using password auth, I want to return a more specific error code in some cases, based on user info about the account (if any) that the attempt was made against.

For example: if the user.app_metadata.must_reset_password flag is set, I want to show the client “you must reset your password” error rather than a generic “incorrect password” error. (I realize that this enables account-probing.)

Hi @mamacdon,

There isn’t an extensibility point for incorrect password like with post-login or change-password.

If this is the main use case, you may want to consider using a different pattern. If you are enforcing a password reset for your user, you should let them authenticate with the existing password, then use an action/rule to throw an error instructing them to reset their password.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.