After investigating, it’s not possible right now to send a human readable error from an Action to the Lock or Universal Login.
It’s also not possible to leverage the features of Rules and Actions together, because storing data between the two in the same flow is not possible, you would need to store data in an external api.
I’m surprised by this because why were Actions designed with this function api.access.deny(reason, user_message) when the user_message is never shown to a user when using Lock?
I would love to be proven wrong by someone from Auth0.
This makes it not possible for us to migrate from Rules to Actions.
I tried setting a part of the user.app_metadata in the Action, which could then later be read by a Rule, which can return an UnauthorizedError and a nice message.
This is not possible because the user.app_metadata does not update immediately from actions, so can’t be read from rules in the same flow, read more here
The docs for Actions api.user.setUserMetadata also say this:
Note: This method should not be used in callbacks. Invoking this method won’t update the metadata immediately.
So I have to abandon my use of Actions for now until these features exist:
- api.access.deny messages shown in Lock/Universal Login or translatable in some way from an error key, like the languageDictionary setup.
- passing properties or storing parameters for access between actions and rules.