Stop Forms/Flows for unsuccessful login path

Hi All,

I’m trying to customize my login experience to introduce a step for the user to confirm a sorta-OTP. I give them 3 attempts to enter it correctly. How can I fail the login process and stop it from continuing to the app?

My current end node is configured for a happy path to “continue”, but I’m struggling to set up an “unhappy” path. I see that the ending node can have an additional flow, but then again, how can I stop the login journey for a user in that flow?

Any thoughts? Thank you in advance!

Hi @phi1ipp

Thank you for reaching out to us!
At this moment there is no option of counting or setting a limit to the number of incorrect OTP attempts within Forms. The standard limit is 10 attempts, after which the user is forced to re-send the OTP and generate a new one. You can find more information on our Knowledge Article.

If you want, you could create a Feedback request asking to implement the possibility of a count or limit of the incorrect OTP attempts.
The feedback request includes a voting system where feedback requests with higher votes have higher implementation priority.

Have a great one!
Gerald

Hi @gerald.czifra ,

I wanted to clarify. Let’s assume it’s not OTP. It’s a process of asking a user to provide a piece of information.

I want to limit users to doing that only 3 times; for that I built 3 forms (for each attempt) and chained them together. If one of the validations worked, I jump to the end node (it’s success).

I wanted to know how I can stop my custom Form/Flow process with “failure”, after I have exhausted all my steps in the process and the user was not able to provide the right info.

Thx

Hi @phi1ipp

Please excuse my absence. After doing some testing on this matter, there isn’t a built-in way of stopping the Form or setting a counter within it; however, one workaround could be to use api.access.deny() within the Action based on specific criteria. I’m still using the OTP example you mentioned, but this should be applicable in other cases as well:

  • create 3 steps where OTP is requested;
  • if OTP is correctly provided, add some metadata to the user and allow them access;
  • if they answer incorrectly 3 times, remove the metadata and deny them access based on the existence of that metadata.

This would probably require that metadata to be added to all target users beforehand, but using metadata should be a way to get this working as intended.

We would love to have your input on this, if a way to stop Forms is something that you want to see. You can submit a feature request and if more people from the Community find this useful, they can vote, which increases the chances of it becoming a feature.

Let me know if this helped!
Gerald
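
The workaround described in the reply above, sketched as an Auth0 post-login Action (an added example, not code from the thread or from Auth0). `FORM_ID`, the `challenge_passed` key and `decideAfterForm` are hypothetical names, and the sketch assumes the form's flow writes the marker to app_metadata on success and that the Action sees it on `event.user` when it resumes.

```javascript
// Added example: metadata-gated deny after a multi-step form.
// FORM_ID and MARKER are hypothetical placeholders, not values from the thread.
const FORM_ID = "ap_REPLACE_WITH_FORM_ID";
const MARKER = "challenge_passed";

// Pure decision, fail closed: access is allowed only when the marker is
// exactly boolean true. Missing metadata, null, or the string "true" all deny.
function decideAfterForm(user) {
  const meta = (user && user.app_metadata) || {};
  if (meta[MARKER] === true) {
    return { allow: true, reason: null };
  }
  return { allow: false, reason: "Verification challenge not completed" };
}

// Runs first: hand the login over to the three-step form.
const onExecutePostLogin = async (event, api) => {
  api.prompt.render(FORM_ID);
};

// Runs when the form finishes, whichever end node it reached.
// Assumption: the form's flow wrote MARKER to app_metadata on success and
// that value is visible on event.user here.
const onContinuePostLogin = async (event, api) => {
  const decision = decideAfterForm(event.user);
  // Clear the marker so one success cannot be reused on a later login.
  api.user.setAppMetadata(MARKER, null);
  if (!decision.allow) {
    api.access.deny(decision.reason);
  }
};

// Auth0 loads the handlers from CommonJS exports.
if (typeof module !== "undefined" && module.exports) {
  module.exports = { onExecutePostLogin, onContinuePostLogin };
}
```

Because the check is on the marker being present and true, a form that ends without writing anything results in a denied login rather than an allowed one.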

Hi @gerald.czifra !

Thank you for finding some time to describe a possible solution to this challenge. It might help people coming after me. I worked with the Auth0 Support team on this problem and they also came up with a solution similar to the one you described.

To summarize, we have a couple of challenges here:

  • repetitive steps in Forms (looping)
  • stopping Forms from finishing successfully before returning to the Action (failed authentication scenario)

In the end we decided unfortunately to not pursue the Forms approach, as our app team really wanted to stop the authentication process at Auth0 screens and to not return control back to the application with an error.

As an alternative we started looking at a possibility of creating a custom app which would do all the bullet points above as an extension of Auth0 login process, essentially becoming a part of a user authentication journey.

Yes, we asked our Tech Acc Manager to open a feature request for the same.

I really appreciate your time and effort spent on researching this problem.

Regards,
Philipp