Overview
This article clarifies whether there are ways to display an error message on the passkey-enrollment screen when the user’s access is blocked with api.access.deny().
Users might get stuck on the passkey-enrollment screen if the user is blocked and no error is shown.
Use Case: Block signups for users with a specific email domain.
Sample Action (Pre-Registration Action):
exports.onExecutePreUserRegistration = async (event, api) => {
api.access.deny(
"disallow email domain",
"You cannot use this email domain"
);
return;
};
Signup flow:
- Click Sign up.
- Sign-up screen: Enter the email address.
- Passkey-enrollment screen: Click Create a passkey.
- Choose how the user wants to create a passkey.
- Click Continue.
- api.access.deny() is called.
- Passkey-enrollment screen: No error is shown. The user gets stuck on this screen.
Applies To
- Passkey
- Multifactor Authentication
- Factor Enrollment
- API Calls
Solution
This can be achieved by using a validation error in the actions flow, respectively api.validation.error() call, instead of api.access.deny() for this use case.
For example:
exports.onExecutePreUserRegistration = async (event, api) => {
api.validation.error("disallow_email_domain", "You cannot use this email domain");
return;
};