Hi Richard,
Thanks for that.
As far as I understand that has no impact on the login page, but rather redirects to what the login page is protecting, with details of the error in the query parameters.
For example, I currently have this rule:
function emailVerified(user, context, callback) {
if (!user.email_verified) {
return callback(new UnauthorizedError('Please verify your email before logging in.');
} else {
return callback(null, user, context);
}
}
But all it does is redirect back to my application (through an OAuth API Gateway) to handle the error via a query parameter. This would be OK, but I don’t have control over the application I’m protecting with Auth0, meaning that in my case the user just gets a 403 because their email is not verified (required for the app to work).