Show error if chose unsupported location ( prefix of unsupported country)

Hi,
we’re using auth-lock 11.24.0
we are implementing passwordless login.

we are currently supporting only US users. is there a way to show error to the user in case submitting a location that is not US?

I know how to recognize the country location selection, but don’t know if there’s a way to initiate an error in specific cases like this.

I saw ‘Error Handling’ section here: GitHub - auth0/lock: Auth0's signin solution
not sure if relevant, and if so, how to use.

will appreciate any input

thanks!

Hi @nitzan.mazor,

Thanks for reaching out to the Auth0 Community!

I understand you’d like to restrict users from logging in and showing them an error when trying to log in from a country outside of the US.

To do so, you could use an Auth0 Rule and check if the user is authenticating from a country outside of the US. If so, you can deny them access and provide them with a custom error message.

function (user, context, callback) {
  if (context.request.geoip.country_code !== "US") {
    return callback(new UnauthorizedError('Access to this application has been temporarily revoked'));
  }
  callback(null, user, context);
}

Once that is complete, you’ll be able to support only US users.

I hope this addresses your use case, and please let me know if you have any further questions.

Thank you.

Hi @rueben.tiow ,

First of all thanks for your response!

Your code snippet might be very helpful for us also. I’m not sure I understand couple of things though:

  1. Where should I write it exactly and when should it be called?
  2. Where do I get user, context and callback from?

My second request is that other than restrict users by their geo location, I would like to restrict them by country prefix also.

To be clearer, if a user is outside the US, but signing in with a US number in a country we work with – it’s ok.

So I would like to pop an error if the member submits number that has prefix of a country that is not US.

Is this possible?

Hi @nitzan.mazor,

Thank you for your response.

You’ll need to go to your Auth0 Dashboard > Auth Pipeline > Rules > Create empty rule and insert that code snippet and save your changes. Then, you’ll be able to insert logic to support users only in a certain location. Note that Rules are executed post login.

In this case, you’ll need to check for the users’ phone number prefix and determine if it begins with +1 to grant them access.

function (user, context, callback) {
  if (user.phone_number[1] !== "1") {
    return callback(new UnauthorizedError('Access to this application has been temporarily revoked'));
  }
  
  callback(null, user, context);
}

However, be mindful that other country codes also begin with +1, such as Canada. It should not be an issue if you expect your users to log in with only US phone numbers, but it’s worth noting.

Please let me know how this works for you.

Thank you.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.