fwiw I found an example of what I was looking for in another thread:
exports.onExecutePostLogin = async (event, api) => {
if (event.stats.logins_count !== 1) {
// do nothing for subsequent logins, only care about the first one.
return;
}
try {
// post to our backend here with the user id from the meta data.
} catch (e) {
// very rare but incase our backend is unavailable
console.log(e);
api.access.deny('Could not log you in at this time');
}
};
Which redirects to your callback url with the error query params:
https://manage.auth0.com/tester/callback?connection=google-oauth2&error=access_denied&error_description=Could%20not%20clog%20you%20in
I haven’t implemented this yet but this is the direction I’m going to go in