Issues regarding docs on Redirect to consent page


I am trying to set up a consent page to be used when registering a user, so that the user can check a box to agree to our terms.

I am using these instructions in the official docs: GDPR: Track Consent with Custom UI

I have created the rule in Auth Pipelines. The inline code editor gives me a warning “‘exports’ is not defined.” regarding the code I have copy pasted. Not sure that’s really an issue, so I just saved it as is.

exports.onExecutePostLogin = async (event, api) => {
const { consentGiven } = event.user.user_metadata || {};

// redirect to consent form if user has not yet consented
if (!consentGiven && api.redirect.canRedirect()) {
  const options = {
    query: {
      auth0_domain: `${}`,
  api.redirect.sendUserTo(event.secrets.CONSENT_FORM_URL, options);


// if user clicks ‘I agree’ on the consent form, save it to their profile so they don’t get prompted again
exports.onContinuePostLogin = async (event, api) => {
if (event.request.body.confirm === “yes”) {
api.user.setUserMetadata(“consentGiven”, true);
} else {
return api.access.deny(“User did not consent”);

For the CONSENT_FORM_URL key/value pair, I’ve used http://localhost:3000/consent and I’ve also created this page locally.

When trying to sign up on my local web app, and clicking the sign up button, it should normally redirect to that consent page, but instead I get a white page with the following error text: access_denied (Invalid response code from the auth0-sandbox: HTTP 400. Unexpected token ';')

Are the official docs broken, or am I missing something? Thanks for helping.