Login / Post Login Action: api.access.deny in onExecutePostLogin produces infinite loop

I am using the Universal Login with Classic Experience in a SPA. I am trying to deny access to users whose password has not been changed in 90 days. For example:

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) {
    // This works, but this isn't going to show the user
    // that their access is denied
    // api.redirect.sendUserTo(`https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}`);

    // This results in an infinite loop
    api.access.deny("Unauthorized");
  }
};

Screenshot 2023-04-14 at 11.43.00 AM

Hey there @wmangerva welcome to the community!

You should be able add an error message to sendUserTo as a query param in the URL at which point you can display to users any way you please. Something like:

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) {
    const errorMessage = 'Your password has expired. Please reset your password.';
    const encodedMessage = encodeURIComponent(errorMessage);
    const customErrorPageURL = `https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}&error_message=${encodedMessage}`;
    api.redirect.sendUserTo(customErrorPageURL);
  }
};

There’s also the option to pass encoded data in a JWT:

Hello @tyf , thanks for your quick reply.

I’ve tried what you’ve suggested and while I could get the redirect to work, it wasn’t doing what I’d expect.

Screenshot 2023-04-14 at 4.02.19 PM

Hey @wmangerva no problem, happy to help where I can!

It might be easier to just redirect to your custom error page without any forwarded error message - That is, rely on the Action code logic to redirect to the relevant error page and display the error there.

exports.onExecutePostLogin = async (event, api) => {
  if (isPasswordExpired(event)) { 
    const customErrorPageURL = `https://login.staging.videoamp.com/v2/logout?returnTo=https://stage-fc-ui.videoamp.com/&client_id=${event.client.client_id}`;
    api.redirect.sendUserTo(customErrorPageURL);
  }
};

I have got still issues. I can not redirect internal my page. Like this.

api.redirect.sendUserTo(“https ://client-personal-trainer-cms.vercel.app/my-profil”
but response is 200

and it can easily redirect youtube.com, google.com/profile or anything.

api.redirect.sendUserTo(“https://google.com/profile

What is the problem ? how can i fix that ?

It’s probably not going to help much, but there’s an extra space in your URL.

https ://client-personal-trainer-cms.vercel.app/my-profil

should be

https://client-personal-trainer-cms.vercel.app/my-profil

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.