Password Validation Message Shows on event.api.deny

Password validation is showing after preUserRegistration Action.

api.access.deny('foo','bar') in a preUserRegistration action displays the message under the password field (better if I could control the location) but the password validation message also triggers. This is very confusing to users. Is this a bug in the new Universal Login?

Hi @sevo,

Thanks for reaching out to the Auth0 Community!

I understand that you observed the Password Validation policy message when you anticipate denying the user access.

First, it appears that you may have misused the command, instead could you please try with the following syntax:


For example:


After doing so, you should be able to deny users access with your custom message.

Hoped this helps!

Please let me know if there’s anything else I can do to help.

Thank you.

Hi Rueben,

I am using the overloaded function call that provides the internal reason plus a message param. Following your syntax, aka api.access.deny(‘reason’), the internal message for logging purposes would be defined and the user would see a generic message “Access Denied”. AccessAPI.deny(reason: string, userMessage: string): however, provides a custom message to the user. Both result in the password validation message appearing in addition to the custom or generic error message from api.access.deny.

1 Like