Passwordless New Universal Login doesn't halt on Pre-registration Action api.access.deny

When using a Pre-registration action, e.g. to validate the user’s email, after we set the access to deny (api.access.deny(‘deny_reason’) , the passwordless universal login proceeds showing the user an input field to enter the OTP code and a button to resend the code (although it correctly doesn’t send the OTP email/sms).

I know this is a known issue , but i’m wondering if a) the Auth0 team will release a fix soon and b) whether anyone has a workaround to continue using passwordless + email-validation without showing the OTP input fields/messages in the UI?

I’ve tried to trick auth0 to show it’s own ‘Email is not valid.’ error alert by setting event.user.email = “invalid_email@invalid” instead of api.access.deny(), but unfortunately it doesn’t help.

Many thanks in advance!

For anyone curious, this is how the bug manifests. The UI elements related to the OTP code should not be shown, because the custom Pre-Registration action blocked it with api.access.deny(‘denyReason’).

@Auth0: this is a super embarrassing silly bug, when can we expect a fix please?

image665×821 23.5 KB

Same here - is there some kind of timeline for this? It’s been 4 months since the original issue

Still happening a year later. I guess at least the SMS is not sent.

Hi team!

This is just a heads-up that we’ll be hosting an Ask Me Anything (AMA) session all about Universal Login, and this question is relevant to our event. Auth0 by Okta Subject Matter Experts will answer your question on Thursday, October 24th, from 9 a.m. to 11 a.m. PST.

Have more questions about customizing your login experience, boosting security, or implementing advanced features?

Drop your questions in this thread before October 23rd, and our experts will provide answers during the AMA!

Plus, you’ll earn points and a special badge for participating!

Ask Me Anything: Tailor Your Experience with Universal Login — From Low-Code to Pro-Code

Thanks
Dawid