Login Action - api.access.deny and api.redirect.sendUserTo Looping after Call

Last Updated: Nov 29, 2024

Overview

We added a “Sign In with Google” feature to our application and enabled our social connection. Everything is working as expected except for error handling. Our application requires an email invitation, so we created a custom login Action that checks whether the email you sign in with through Google has been invited and raises an error if the email associated with the Google account hasn’t been invited to our application. In this case, we would like to deny access and redirect to our login page. However, the URL loops while changing state. This behavior happens whether we use api.access.deny, api.redirect.sendUserTo, or both.
We use the ‘@auth0/auth0-react’ package on our front end and the New Universal Login.

Symptom:

  • When users attempt to log in with a Google Social connection, the authentication with Google succeeds, but the Action pipeline then runs and causes a redirect loop. Each pass through the loop redirects to the callback endpoint with the error message configured in the Action.

Applies To

  • api.access.deny
  • api.redirect.sendUserTo
  • Action

Cause

The loop happens because the user still has a valid, active session with Google. The Action redirects to the application’s login endpoint, which makes an ‘/authorize’ call that specifies the Google social connection. That call immediately redirects to Google, which already has a valid session and returns the user without prompting. The Action pipeline then runs again, the login fails again, and the user is redirected back to the login endpoint, where the cycle starts over.

Solution

Before navigating to the application’s login endpoint, first make a federated logout call so that the user’s Google session is ended and the user has to go through the login flow again, which breaks the loop. In the Action, call the federated logout first, then use the returnTo parameter to redirect the user either to the login page or to a custom error page, depending on your business needs.
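
One way to wire this up in a post-login Action, as an added example that is not Auth0's or the original poster's code. It assumes two hypothetical Action secrets, INVITED_EMAILS (comma-separated list) and LOGIN_PAGE_URL, that event.request.hostname is the tenant domain, and it adds an onContinuePostLogin deny as a safeguard in case the suspended flow is resumed.

```javascript
// Added example, not Auth0's code. INVITED_EMAILS and LOGIN_PAGE_URL are
// hypothetical Action secrets standing in for your invitation lookup and config.

// /v2/logout with `federated` also ends the upstream Google session.
// `returnTo` must be listed in the application's Allowed Logout URLs.
function buildFederatedLogoutUrl(tenantHost, clientId, returnTo) {
  return `https://${tenantHost}/v2/logout?federated` +
    `&client_id=${encodeURIComponent(clientId)}` +
    `&returnTo=${encodeURIComponent(returnTo)}`;
}

// True only for a verified email that appears on the invitation list.
function isInvited(event) {
  const invited = (event.secrets.INVITED_EMAILS || '')
    .split(',').map((e) => e.trim().toLowerCase()).filter(Boolean);
  const email = (event.user.email || '').toLowerCase();
  return Boolean(event.user.email_verified) && invited.includes(email);
}

// Logout URL for an uninvited Google login, or null to let the login proceed.
function logoutUrlIfNotInvited(event) {
  if (event.connection.strategy !== 'google-oauth2' || isInvited(event)) return null;
  const returnTo = `${event.secrets.LOGIN_PAGE_URL}?error=not_invited`;
  return buildFederatedLogoutUrl(event.request.hostname, event.client.client_id, returnTo);
}

// Send uninvited users through federated logout instead of straight to login.
const onExecutePostLogin = async (event, api) => {
  const url = logoutUrlIfNotInvited(event);
  if (url) api.redirect.sendUserTo(url);
};

// If the suspended flow is resumed at /continue, still refuse the login.
const onContinuePostLogin = async (event, api) => {
  if (logoutUrlIfNotInvited(event)) api.access.deny('Email has not been invited.');
};

// Auth0 reads the handlers from `exports`; the guard lets the file load elsewhere too.
if (typeof exports !== 'undefined') {
  Object.assign(exports, { onExecutePostLogin, onContinuePostLogin });
}
```

The page that returnTo points at should show the error and wait for the user to click sign-in, rather than starting a new ‘/authorize’ call on load.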
