Return Custom Error Message Back To User

richard.sanigar · November 24, 2020, 10:28am

Hi All

Please excuse the newbie question

We’re using a custom login script to authenticate using a Node.js aggregator service

In our code we are checking for the existence of an ‘errors’ element in the response with contains the error code from the underlying service:

    if (err || (JSON.parse(body).errors && JSON.parse(body).errors.length)) {
        return callback(new Error(), null);
    }

For the constructor new Error() , is there a method that takes, say the error code and error message

e.g. new Error(500, “Oops something went wrong”)

or can you throw a different type of Error object (Which affects the error message displayed to the user on the Universal login)?

e.g. return callback(new UnauthorisedError(), null);
return callback(new SystemError(), null);

Kind regards

Richard

lyndon.fawcett · November 24, 2020, 12:56pm

I’d also like to know the answer to this. Especially something that would affect the universal login page on an unauthorised user (e.g. email not verified).

As far as I can see through reading the docs, the callback only returns back info to the application via query parameters. Meaning you have to implement something in your app which handles URLs with params like: ?error=ErrorTitle&error_description=ErrorDescription.

Considering I’m protecting various services with this, it’s not always possible to handle the error in a nice way.

richard.sanigar · November 24, 2020, 3:37pm

Hi Lyndon

I found this page:

Which implies I can do either of the following:

return callback(new Error(‘My Custom Error Message’), null);
return callback(new UnauthorizedError(’[401] - Unauthorised Request’), null);

I will check the impact on the message on the Universal login message the user sees

Hope this helps

Regards

Richard

lyndon.fawcett · November 24, 2020, 4:32pm

Hi Richard,

Thanks for that.

As far as I understand that has no impact on the login page, but rather redirects to what the login page is protecting, with details of the error in the query parameters.

For example, I currently have this rule:

function emailVerified(user, context, callback) {
  if (!user.email_verified) {
return callback(new UnauthorizedError('Please verify your email before logging in.');
  } else {
return callback(null, user, context);
  }
}

But all it does is redirect back to my application (through an OAuth API Gateway) to handle the error via a query parameter. This would be OK, but I don’t have control over the application I’m protecting with Auth0, meaning that in my case the user just gets a 403 because their email is not verified (required for the app to work).