I’m trying to make our Auth0 signup logic work a bit more cleanly for my web service hosted on AWS ECS behind an ALB. Due to compliance requirements, we’re not able to allow users to be approved for our site until an administrator manually approves them by changing a key (“approved”) in the user’s app_metadata. When they sign up, they get the expected widget that includes our message “An administrator must approve your account…” etc. But many impatient users immediately try to log in. If they try to log in without approval, they get an ugly 401 page that just says Unauthorized, so they inevitably try to sign up again and again and eventually reach out with a support ticket. I’m hoping I can use a custom error page for 401s that will show up when that happens and explain their account is pending approval and we’ll let them know when it’s ready. Unfortunately, AWS ALBs don’t have a graceful way to handle 401 error codes; happy to be corrected if I’m wrong there though. And I’ve noticed the URL on the 401 page has a blurb that implies the error page is coming from Auth0 (at least I hope):
oauth2/idpresponse?error=unauthorized&error_description=Your%20registration%20must%20be%20approved%20by%20an%20administrator
That content is in my Administrator Approval rule, so my hope was I could just pop some js in there, but haven’t been very successful.
My question is what steps should I take to implement a prettier error page? I’ve spoken to folks at AWS and they told me to ask Auth0 and I’ve talked to an account rep at Auth0 and was told to ask AWS. So I’m hoping someone here has more insight! Happy to share more details if they’d be helpful, and to take advice on where this whole pipeline could be improved - I’m no expert. Thanks in advance.
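For readers following along, here is an added reconstruction (not the poster's actual rule) of an Auth0 Rule that denies login until `app_metadata.approved` is set, written so it fails closed when the flag is missing or malformed. The message passed to `UnauthorizedError` is what Auth0 returns as `error_description`, which is how it ends up in the ALB's `/oauth2/idpresponse` URL above; the shim class and the exports exist only so the file runs outside the Auth0 sandbox.

```javascript
// Added example: an Auth0 Rule in the (user, context, callback) shape.
// Not the poster's code; it reconstructs the behaviour the post describes.

// Inside the Auth0 rule sandbox, UnauthorizedError is provided as a global.
// The shim below is only so this file can run stand-alone in Node for testing.
const PendingError =
  typeof UnauthorizedError !== 'undefined'
    ? UnauthorizedError
    : class UnauthorizedErrorShim extends Error {
        constructor(message) {
          super(message);
          this.name = 'UnauthorizedError';
        }
      };

// This text becomes error_description on the redirect back to the client.
const PENDING_MESSAGE =
  'Your registration must be approved by an administrator';

// Approved only when app_metadata.approved is the boolean true.
// Missing app_metadata, the string "true", 1, etc. all fail closed, so an
// administrator's explicit action is the only way a user gets in.
function isApproved(user) {
  const meta = (user && user.app_metadata) || {};
  return meta.approved === true;
}

// Rule entry point. Denying with UnauthorizedError makes Auth0 redirect to
// the client's callback with error=unauthorized and error_description set
// to PENDING_MESSAGE instead of issuing tokens.
function administratorApproval(user, context, callback) {
  if (!isApproved(user)) {
    return callback(new PendingError(PENDING_MESSAGE));
  }
  return callback(null, user, context);
}

// When deployed as a Rule, the body is just the administratorApproval
// function; these exports only make the pieces reachable from a test.
module.exports = { isApproved, administratorApproval, PENDING_MESSAGE, PendingError };
```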