Help understanding error codes in pre-user-registration and post-login actions

Help
, , ,
1

Hi, we’re using both pre-user-registration and post-login actions, and seems that error codes and descriptions are not consistent, so we’re trying to find ways to align them.

Sample code of the pre-user-registration action:

exports.onExecutePreUserRegistration = async (event, api) => {
  // ...
  if (someCondition) {
    api.access.deny("USER_ACCOUNT_NOT_ACTIVE");
  }
  // ...
};

When triggering this case, via curl, we get a 400 HTTP error, and body:

{"error":"extensibility_error","error_description":"USER_ACCOUNT_NOT_ACTIVE"}

We have a similar code in the post-login flow:

exports.onExecutePostLogin = async (event, api) => {
  // ...
  if (someCondition) {
    api.access.deny("USER_ACCOUNT_NOT_ACTIVE");
  }
  // ...
};

But when triggering this case, via curl, we get a 500 HTTP error code and body:

{"error":"access_denied","error_description":"USER_ACCOUNT_NOT_ACTIVE"}

Got a couple of questions:

  1. Can we customize the error field (error_description matches our code, correctly)? Or it’s always hard-coded to be “extensibility_error” in pre-user-registration and “access-denied” in post-login?
  2. Can we specify the HTTP response code, so in post-login it returns a 40x instead of a 500? Or at least, can we make them match between pre-user-registration and post-login?

We tried passing a second argument to api.access.deny (as described in API object) in the pre-user-registration flow, but we don’t see the extra string show up in the response.

Any thoughts?

Thanks!!
-Chris

2 Likes
3

Hi @chris.middleton,

Welcome to the Auth0 Community!

I understand that you have some questions about customizing the error messages when using Actions.

Unfortunately, it is not possible to customize the error field. This is fixed and cannot be changed.

Moreover, the HTTP response code cannot be changed either.

After my tests, I was able to display both the reason and userMessage in the response successfully. See below for clarity.

image
image1270×282 43.6 KB

image
image922×356 41.4 KB

With that, you should be able to pass the userMessage parameter as the second argument.

Please let me know how this goes for you.

Thank you.

4

Thanks for your help!

Thanks for confirming that we cannot edit the error field or the HTTP response code. Is that something that’s in the roadmap? Getting an HTTP 500 for auth or bad request is not ideal.

Also, can you give me context on how you got all those fields in the response? When calling the API via curl, I only get “error_description” and “error”. Is there an extra param or header that will return more info?

Thanks again!

-Chris

1 Like
5

Hi @chris.middleton,

Thank you for your reply.

Unfortunately, modifying the HTTP response code is not in our roadmap.

If you believe that this is a feature you and many others would benefit from, please submit a feedback request asking for support for modifying the response code in Actions.

And for clarification, I was using Postman to register a user using the Authentication API. The response was the one shown in the screenshot.

Please let me know if there’s anything else I can do to help.

Thank you.