Deleted user can log in and redirected to call-back page with #error in url

mgdskr · November 9, 2020, 12:01pm

Deleted user can log in and is being redirected to callback page with error in url #error=unauthorized&error_description=Access%20denied.&state
I would rather expect universal login form would handle it for me and will show warning message that login is forbidden or something like that.
In my case it causes an infinite loop of redirects because of consequent call of checkSession redirects back to callbackpage with #error instead of passing error as callback param here

webAuth.checkSession({
nonce: ‘1234’,
}, function (err, authResult) {
…
});

dan.woda · November 10, 2020, 9:43pm

I wasn’t able to recreate this, a deleted user acts the same as a user that does not exist for me. Can you DM me your tenant name so I can take a look at the logs.

system · December 14, 2020, 4:30pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logging in with a blocked or deleted user leads to an infinite loop Help login	1	1455	August 26, 2022
UnauthorizedError in rule still redirects Help	2	4292	April 9, 2021
Cancel login from within a rule Help rules	2	3658	April 23, 2021
Callback UnauthorizedError not deleting auth0 cookie for a domain Help rules , cookie	2	3885	December 24, 2018
Simple problem please help! Redirect users after login not working Help auth0 , login , redirect , new-universal-login	3	6453	March 2, 2022

Deleted user can log in and redirected to call-back page with #error in url

Related topics