Custom 'Incorrect Password' error

mamacdon · June 16, 2021, 2:39pm

Does the Auth0 system provide any extensibility point for handling a “Failed Login (Incorrect Password)” event?

When the client fails to login using password auth, I want to return a more specific error code in some cases, based on user info about the account (if any) that the attempt was made against.

For example: if the user.app_metadata.must_reset_password flag is set, I want to show the client “you must reset your password” error rather than a generic “incorrect password” error. (I realize that this enables account-probing.)

dan.woda · June 23, 2021, 8:54pm

Hi @mamacdon,

There isn’t an extensibility point for incorrect password like with post-login or change-password.

If this is the main use case, you may want to consider using a different pattern. If you are enforcing a password reset for your user, you should let them authenticate with the existing password, then use an action/rule to throw an error instructing them to reset their password.

Topic		Replies	Views
Customization of error codes for login flow Get Help	1	2704	January 17, 2021
Full List of Errorcodes for Password-Reset by Customers in auth0-js lib Get Help classic-universal-login-experience , login-experience	3	1076	February 7, 2023
How to add custom error message for password reset UI (Universal Login) Archived lock , auth0 , login	3	4777	October 15, 2021
Handling the errors received on password reset form Archived password-reset , error	7	5999	November 8, 2018
Handling Login Failure in Auth0 Archived	2	4496	August 19, 2019

Custom 'Incorrect Password' error

Related topics