Hi @jane.d,
Welcome to the Community!
Unfortunately, Rules will execute after a user session has been created, and so you can’t prevent a session at that point.
The application is responsible for displaying an error message based on the `error_description` passed back as a query param.
However, you can end the user session like in the topic you referenced:
```js
function emailDomainWhitelist(user, context, callback) {
  // Access should only be granted to verified users.
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Access denied.'));
  }

  const whitelist = ['example.com', 'example.org']; // authorized domains

  // Compare the part after the last '@' against each authorized domain.
  const userHasAccess = whitelist.some(function (domain) {
    const emailSplit = user.email.split('@');
    return emailSplit[emailSplit.length - 1].toLowerCase() === domain;
  });

  if (!userHasAccess) {
    // Send the user to the logout endpoint, which ends the session and then
    // returns them to the application with msg=access_denied.
    context.redirect = { url: "https://YOUR_DOMAIN.YOUR_REGION.auth0.com/v2/logout?returnTo=http%3A%2F%2Flocalhost%3A3000%3Fmsg%3Daccess_denied&client_id=YOUR_APP_CLIENT_ID" };
    return callback(null, user, context);
  }

  return callback(null, user, context);
}
```
In the code above, if the user does not have access, they will be logged out and redirected to `http://localhost:3000/?msg=access_denied`.
You could display an error based on the query param you send back.
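
The round trip described above, as an added example that is not part of the original reply or Auth0's own code: the logout URL is built with the `URL` API so the nested `returnTo` query is encoded correctly, and the application maps the returned `msg` code to fixed text instead of rendering the raw parameter. The helper names, the tenant domain `tenant.example.auth0.com` and the message table are assumptions made for illustration.

```javascript
// Added example, not from the original reply. The helper names, the tenant
// domain and the message table are assumptions made for illustration.

// Rule side: build the /v2/logout redirect with URL APIs instead of
// hand-escaping returnTo, so the nested query string is always encoded.
function buildLogoutUrl(tenantDomain, clientId, appUrl, msgCode) {
  const returnTo = new URL(appUrl);
  returnTo.searchParams.set('msg', msgCode);

  const logout = new URL(`https://${tenantDomain}/v2/logout`);
  logout.searchParams.set('returnTo', returnTo.toString());
  logout.searchParams.set('client_id', clientId);
  return logout.toString();
}

// App side: the msg value arrives in a URL anyone can craft, so treat it as
// a lookup key into fixed text and never render the raw value.
const MESSAGES = new Map([
  ['access_denied', 'Your email domain is not authorized for this application.'],
]);
const GENERIC_MESSAGE = 'Sign-in failed.';

function messageForReturnUrl(href) {
  const code = new URL(href).searchParams.get('msg');
  if (code === null) return null; // normal page load, nothing to show
  return MESSAGES.get(code) || GENERIC_MESSAGE;
}

// Constructed values for a stand-alone run.
const logoutUrl = buildLogoutUrl(
  'tenant.example.auth0.com', 'YOUR_APP_CLIENT_ID',
  'http://localhost:3000', 'access_denied');
const landing = new URL(logoutUrl).searchParams.get('returnTo');
console.log(logoutUrl);
console.log(landing, '->', messageForReturnUrl(landing));
```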