Some applications require special user requirements like email rules.
You can create a pre user registration action ([Pre User Registration Flow]) to deny access based on your own email validation:
const email = event.user.email
if (email && email?.indexOf('~') > -1) {
api.access.deny("email invalid", "email invalid");
}
The example above checks the email if it contains a tilde. If it is the case it will deny the attempt.
api.access.deny(reason, userMessage)
Deny the user from being able to register. The signup flow will immediately stop following the completion of this action and no further Actions will be executed.
But you can only specify the log message and user message which is displayed to the user.
The message is unclear because it highlights the password box and also displays the password error message even when the password was correctly filled in.
I would suggest a change where you can specify the reason why the signup was denied:
- Password
- Other
That way Auth0 can highlight the correct input on the login page. With “other” no input should be highlighted and only the error message should be displayed (for example when the IP is not allowed).
This proposal increases user expercience.