How to handle access denied response

Hi folks,

I enabled Actions/Flow post login action - white list user. I set the secret and tried to log in with a user which is not in the white list users.

Unfortunately when I call api/auth/login by clicking on the login button I get redirected to the following url:
http://localhost:3000/api/auth/callback?error=access_denied&error_description=access%20denied.&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJ9

I use the action from the template, and I'm not sure how to handle this. I expected to get redirected to the Universal Login page and be able to try to log in with another user which is in the whitelist, but I keep getting redirected to the aforementioned url.

Tried many things to handle it:

const afterCallback: AfterCallbackAppRoute = (
	request: NextRequest,
	session: Session,
	state: { [key: string]: any } | undefined,
): Promise<Session | Response | undefined> | Session | Response | undefined => {
	// if (session.user) {
	// 	return session;
	// } else {
	// 	redirect('/');
	// }

	if (state) state.returnTo = '/';
	return session;
};

export const GET = handleAuth({
	callback: handleCallback({
		afterCallback,
		redirectUri: 'http://localhost:3000',
		authorizationParams: {
			redirect_uri: 'http://localhost:3000'
		}
	}),
	login: handleLogin({
		returnTo: 'http://localhost:3000',
		authorizationParams: {
			prompt: 'consent'
		}
	}),
});

Nothing worked.
Some guidance would be deeply appreciated.

Kind regards,
Gabor

Hi @gabor.ottlik.hun,

When you use the api.access.deny() method, it will deny users from logging in, but their session will remain intact. So, in subsequent login attempts, the user will continuously be sent to the error page (http://localhost:3000/api/auth/callback?error=access_denied&error_description=access%20denied.&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJ9) until the user logs out.

That said, you will need to log the user out whenever they have been denied access to kill the session. This way, they can try logging in again with another user. To do so, please redirect your users to the /v2/logout endpoint.

See this knowledge solution as a reference.

Thanks,
Rueben
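
The logout redirect described in the answer above, as an added example that is not from the thread or from the Auth0 SDK: it detects error=access_denied on the callback URL and builds the tenant's /v2/logout URL, accepting the returnTo carried in state only when it stays on the app's own origin. AUTH0_DOMAIN, CLIENT_ID and APP_BASE_URL are constructed placeholders, and both function names are hypothetical helpers.

```javascript
// Added example. AUTH0_DOMAIN, CLIENT_ID and APP_BASE_URL are constructed
// placeholder values; both helpers below are hypothetical names.
const AUTH0_DOMAIN = 'example-tenant.example.com';
const CLIENT_ID = 'EXAMPLE_CLIENT_ID';
const APP_BASE_URL = 'http://localhost:3000';

// Decode the base64url JSON `state` and return its returnTo only if it stays
// on the app's own origin; anything else falls back to the app root, so the
// callback cannot be turned into an open redirect.
function safeReturnTo(state) {
  try {
    const b64 = state.replace(/-/g, '+').replace(/_/g, '/');
    const { returnTo } = JSON.parse(atob(b64));
    if (typeof returnTo === 'string') {
      const target = new URL(returnTo, APP_BASE_URL);
      if (target.origin === new URL(APP_BASE_URL).origin) return target.href;
    }
  } catch (_) {
    // Malformed or missing state: ignore it and use the fallback.
  }
  return new URL('/', APP_BASE_URL).href;
}

// Returns the tenant logout URL when the callback carries error=access_denied,
// or null when the normal callback handling should run instead.
function logoutUrlForDeniedCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error') !== 'access_denied') return null;
  const logout = new URL('/v2/logout', `https://${AUTH0_DOMAIN}`);
  logout.searchParams.set('client_id', CLIENT_ID);
  logout.searchParams.set('returnTo', safeReturnTo(params.get('state') || ''));
  return logout.href;
}
```

The returnTo value sent to /v2/logout also has to be listed in the application's Allowed Logout URLs in the tenant settings.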

Thanks, this solved my first use case.

auth0.handleAuth({
	callback: auth0.handleCallback({
		redirectUri: `http://${subdomain}.localhost:3001/api/auth/logout`,
	}),
	'update-session': auth0.handleProfile({ refetch: true }),
	'silent-login': auth0.handleLogin({
		authorizationParams: {
			prompt: 'none',
			redirect_uri: `http://${subdomain}.localhost:3001/api/auth/login`,
		},
	}),
	logout: auth0.handleLogout({
		returnTo: `http://${subdomain}.localhost:3001`,
	}),
})

Keep in mind that I redirect from / root to silent-login:

if (!user && !userId && !isLoading) {
	router.push('/api/auth/silent-login');
}

But there is another one.
When I’m using Action / Flows / Login / Custom / From template / post-login / whitelist by user email I keep getting this error page after a login attempt.

I handle the following way:

export const GET = handleAuth({
	async callback(req: any, res: any) {
		try {
			// Return the SDK's response so a successful callback completes
			return await handleCallback(req, res);
		} catch (error) {
			return Response.redirect(
				`http://localhost:3000/api/auth/logout`,
				301 // just for testing
			)
		}
	},
	login: handleLogin({
		returnTo: `http://localhost:3000/admin`,
	}),
	'silent-login': handleLogin({
		authorizationParams: { prompt: 'none' },
	}),
	logout: handleLogout({
		returnTo: `http://localhost:3000`,
	}),
});

Although it calls the logout endpoint it never really logs me out. So I’m stuck in this idle place where I can neither log in nor log out properly while using this custom post-login flow.