Login / Post Login Action: api.access.deny in onExecutePostLogin produces infinite loop

wmangerva · April 14, 2023, 5:48pm

I am using the Universal Login with Classic Experience in a SPA. I am trying to deny access to users whose password has not been changed in 90 days. For example:

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) {
    // This works, but this isn't going to show the user
    // that their access is denied
    // api.redirect.sendUserTo(`https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}`);

    // This results in an infinite loop
    api.access.deny("Unauthorized");
  }
};

Screenshot 2023-04-14 at 11.43.00 AM

tyf · April 14, 2023, 9:03pm

Hey there @wmangerva welcome to the community!

You should be able add an error message to sendUserTo as a query param in the URL at which point you can display to users any way you please. Something like:

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) {
    const errorMessage = 'Your password has expired. Please reset your password.';
    const encodedMessage = encodeURIComponent(errorMessage);
    const customErrorPageURL = `https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}&error_message=${encodedMessage}`;
    api.redirect.sendUserTo(customErrorPageURL);
  }
};

There’s also the option to pass encoded data in a JWT:

wmangerva · April 14, 2023, 10:19pm

Hello @tyf , thanks for your quick reply.

I’ve tried what you’ve suggested and while I could get the redirect to work, it wasn’t doing what I’d expect.

Screenshot 2023-04-14 at 4.02.19 PM

tyf · April 17, 2023, 10:14pm

Hey @wmangerva no problem, happy to help where I can!

It might be easier to just redirect to your custom error page without any forwarded error message - That is, rely on the Action code logic to redirect to the relevant error page and display the error there.

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) { 
    const customErrorPageURL = `https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}`;
    api.redirect.sendUserTo(customErrorPageURL);
  }
};

tolgahanbora · April 19, 2023, 1:20am

I have got still issues. I can not redirect internal my page. Like this.

api.redirect.sendUserTo(“https ://client-personal-trainer-cms.vercel.app/my-profil”
but response is 200

image1619×458 48 KB

and it can easily redirect youtube.com, google.com/profile or anything.

api.redirect.sendUserTo(“https://google.com/profile”

What is the problem ? how can i fix that ?

wmangerva · April 20, 2023, 5:50pm

It’s probably not going to help much, but there’s an extra space in your URL.

https ://client-personal-trainer-cms.vercel.app/my-profil

should be

https://client-personal-trainer-cms.vercel.app/my-profil

tyf · May 5, 2023, 5:51pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Post login flow - api.access.deny should display error on universal login screen Feedback login , actions	1	875	September 15, 2023
Adding custom login error Help login-experience , new-universal-login-experience	4	547	March 11, 2024
Logout via onExecutePostLogin action Help logout , sessions	8	3529	April 7, 2023
How to use post login action to force reset password with universal login? Help	2	5396	May 18, 2021
Logout if access deny Help identifier-first , login-experience	2	307	February 26, 2024

Login / Post Login Action: api.access.deny in onExecutePostLogin produces infinite loop

Related Topics