Hi @jhicks
After doing some testing on this matter, I can confirm that your desired flow can be achieved with api.access.deny(‘message’) to first deny access to the user and then direct them to a Custom Error Page, allow me to outline why:
- api.access.deny() will terminate the authentication flow, therefore anything added after it will not get triggered;
- once the authorization error occurs and if you do not have a valid callback URL, your application will display the default generic Auth0 error page, or a custom error page if you set it up, that can also contain a redirect button;
- using api.redirect.sendUserTo is a great idea, but it cannot be accessed due to the above after calling api.access.deny().
One way to complete these actions in sequence ( first denying the user’s access with an error message, then redirecting them) can be done by setting up a Custom Error Page where you will redirect the users to after denying them access, that is setup to display an error message and have a button to redirect the user once pressed.
I recommend taking a look at the following topics and documentations, as some approaches mentioned can assist with creating a flow that suits your needs:
- Redirect user back to login page with error message displayed - #3 by richard.hart
- Deny PLUS redirect in Action Triggers - #2 by sumansaurav
- Cannot Get Back to Login Screen After an Action Denies Access
Hope this helped!
Gerald