UnauthorizedError in rule still redirects


I appreciate any help I can get. I’ve set up auth0 in our login flow and the “happy path” works just fine. However, I’ve also set up a rule that upon login does a call to our API and perform some permission checks. If the user doesn’t have the right permissions, I’m doing return callback(new UnauthorizedError('User unauthorized'));. However, the user is still redirected to the redirectURI, with an error in the url. I would expect the user to not be redirected in the first place and rather get an error message similar to when they attempt to log in with the wrong username/password. Is that possible?

Thank you

Hi @christian.borresen,

Welcome to the Community!

When an authorization error is thrown, the application must handle the error by using the error description in the URL. Unfortunately, you can’t display the error on the Universal Login page that is thrown in a rule since the rule runs after the user logs in.

Here is a detailed FAQ that explains more: Can I show errors raised in rules in the login page?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.