I have the universal login for a Salesforce experience cloud site. Users are enabled for the site in Salesforce itself, but we add a property to the user’s app_metadata that says if they are enabled or not (true or false).
I am trying to implement a post-login action where after a user inputs their Auth0 credentials, the app_metadata is checked and if the enabled property is false, I want the user to be redirected to the universal login with the error message of ‘You are not enabled for this site. Contact xyz’. Right now, if the user is not enabled for the site, they are redirected to a Salesforce generic page that says to contact the Salesforce Admin, thus why I want to change that to go back to the universal login with the clear message of what went wrong.
I’ve tried using api.access.deny('message'), but all it seems to be doing is adding that deny message to the logs; the user is still redirected to the generic Salesforce page.
I’ve tried api.redirect.sendUserTo and it does redirect to the universal login page, but it doesn’t have any error message, and the documentation doesn’t show what the ‘query options’ are.
Has anyone had a similar scenario of wanting to deny access and showing a message on the universal login? Any help would be appreciated.
After doing some testing on this matter, I can confirm that your desired flow can be achieved with api.access.deny('message') to first deny access to the user and then direct them to a Custom Error Page. Allow me to outline why:
api.access.deny() will terminate the authentication flow, therefore anything added after it will not get triggered;
once the authorization error occurs and if you do not have a valid callback URL, your application will display the default generic Auth0 error page, or a custom error page if you set it up, that can also contain a redirect button;
using api.redirect.sendUserTo is a great idea, but it cannot be accessed due to the above after calling api.access.deny().
One way to complete these actions in sequence (first denying the user’s access with an error message, then redirecting them) can be done by setting up a Custom Error Page where you will redirect the users to after denying them access, that is set up to display an error message and have a button to redirect the user once pressed.
I recommend taking a look at the following topics and documentation, as some approaches mentioned can assist with creating a flow that suits your needs:
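Added example, not part of the original thread and not Auth0's own code: a post-login Action for the check discussed above, written to fail closed so that only a strict boolean true in app_metadata lets the login continue. The key name `enabled`, the helper `isEnabled` and the mock `api` object are assumptions made for illustration; the deny message is the one from the question.

```javascript
// Added example: Auth0 post-login Action that fails closed on app_metadata.enabled.
// Assumption: the flag is stored under the key "enabled" in app_metadata.
const DENY_MESSAGE = 'You are not enabled for this site. Contact xyz';

// Only a strict boolean true counts as enabled; a missing key, null,
// the string "true" or any other value is treated as not enabled.
function isEnabled(user) {
  const meta = (user && user.app_metadata) || {};
  return meta.enabled === true;
}

async function onExecutePostLogin(event, api) {
  if (!isEnabled(event.user)) {
    // deny() ends the login transaction; return right away so it is
    // obvious that no later step (such as a redirect) is expected to run.
    api.access.deny(DENY_MESSAGE);
    return;
  }
  // Enabled users fall through and the login continues normally.
}

// Auth0 Actions load the handler from CommonJS exports.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Constructed mock of the Actions `api` object, for local checks only.
function makeMockApi() {
  const calls = [];
  return {
    calls,
    access: { deny: (reason) => calls.push(['deny', reason]) },
    redirect: { sendUserTo: (url) => calls.push(['redirect', url]) },
  };
}

// Runs the handler against a constructed user and returns the recorded calls.
function simulateLogin(appMetadata) {
  const api = makeMockApi();
  onExecutePostLogin({ user: { app_metadata: appMetadata } }, api);
  return api.calls;
}
```

Only the part up to the `exports` assignment belongs in the Action editor; the mock and `simulateLogin` exist to exercise the decision locally.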