Universal Login, Showing error messages returned from rules

auth02 · January 7, 2019, 10:22pm

I am using the Universal Login page with a custom domain and I have a rule that whitelists email domains.
When the rule rejects a login attempt I am redirected to my callback url with the error appended as parameters:

I then redirect to my login page (with the params):

which executes the Auth0 login (using the PHP API):
$auth0 = new Auth0([ //stuff removed for brevity 'scope' => 'openid profile email user_metadata app_metadata', 'persist_id_token' => true, 'persist_access_token' => true, 'persist_refresh_token' => true, ]); $auth0->getUser()

At this point the params are lost and not displayed in my custom hosted login page.
How can I get the login page to automatically process the returned errors ? - or is there a way I can forwards the params and display them using lock.show e.g
lock.show({ flashMessage: { type: 'error', text: error_description_param_here } });

auth02 · January 2, 2019, 10:33pm

duh! Didn’t preview.
Here is the correctly formatted original post:

I am using the Universal Login page with a custom domain and I have a rule that whitelists email domains.
When the rule rejects a login attempt I am redirected to my callback url with the error appended as parameters:
blahblahblah.com/Home?error=unauthorized&error_description=Access%20denied.&state=...

I then redirect to my login page (with the params):
blahblahblah.com/Login?error=unauthorized&error_description=Access%20denied.&state=...

which executes the Auth0 login (using the PHP API):

$auth0 = new Auth0([ 
//stuff removed for brevity 
'scope' => 'openid profile email user_metadata app_metadata', 
'persist_id_token' => true, 
'persist_access_token' => true, 
'persist_refresh_token' => true, ]); 
$auth0->getUser()

At this point the params are lost and not displayed in my custom hosted login page.
How can I get the login page to automatically process the returned errors ? - or is there a way I can forwards the params and display them using lock.show e.g

lock.show({ flashMessage: { type: 'error', text: error_description_param_here } });

josh.cunningham · January 7, 2019, 10:22pm

Hi @auth02 … let me make sure I understand what you’re trying to do here. You want the Rule to process the login, accept or reject, then show whatever error you rejected with on the Universal Login page?

Probably the easiest way to do this is to handle it right in your application on an error page or your callback. So when this URL is loaded:

blahblahblah.com/Home?error=unauthorized&error_description=Access%20denied.&state=...

… you look for the error param and do your output there. If the action is to log in again, then have a link pointing to blahblahblah.com/Login to try again. Then you don’t need those parameters to survive multiple redirects. That will also catch any other errors that might happen on the ULP. Here’s an example of that I just put together for some upcoming documentation about this:

github.com

joshcanhelp/auth0-php-test/blob/master/login.php

<?php
require 'bootstrap.php';

// ======================================================================================================================
// login.php
use Auth0\SDK\Auth0;
use Auth0\SDK\Exception\CoreException;
use Auth0\SDK\Exception\ApiException;

// Handle errors sent back by Auth0.
if (! empty($_GET['error']) || ! empty($_GET['error_description'])) {
    printf('<h1>Error</h1><p>%s</p>', htmlspecialchars($_GET['error_description']));
    die();
}

// Initialize the Auth0 class with required credentials.
$auth0 = new Auth0([
    'domain' => getenv('AUTH0_DOMAIN'),
    'client_id' => getenv('AUTH0_CLIENT_ID'),
    'client_secret' => getenv('AUTH0_CLIENT_SECRET'),

This file has been truncated. show original

auth02 · January 8, 2019, 1:54pm

Hi Josh

Thanks for responding.

I was hoping there was a way to display the errors within the ULP for consistency as is suggested in the docs

If you are returning custom error codes from a rule or a custom database script, you can also add the error messages in the dictionary:

But the PHP library doesn’t seem to handle passing these parameters back to the ULP.

josh.cunningham · January 8, 2019, 8:48pm

Happy to help!

The method you’re using, Auth0\SDK\Auth0->login() does not take into account parameters, you’re correct. But you can build the link yourself and include those parameters if you want. The method is here:

github.com

auth0/auth0-PHP/blob/master/src/API/Authentication.php#L104


    ?string $scope = null,
    array $guzzleOptions = []
)
{
    $this->domain        = $domain;
    $this->client_id     = $client_id;
    $this->client_secret = $client_secret;
    $this->audience      = $audience;
    $this->scope         = $scope;
    $this->guzzleOptions = $guzzleOptions;

    $this->apiClient = new ApiClient( [
        'domain' => 'https://'.$this->domain,
        'basePath' => '/',
        'guzzleOptions' => $guzzleOptions,
        'returnType' => 'body',
    ] );
}

/**
 * Builds and returns the authorization URL.

… and an example of how that method is used is here:

github.com

joshcanhelp/auth0-php-test/blob/master/examples/auth-required.php#L21


if (! isUserAuthenticated()) {
    // Generate and store a state value.
    $transient_store = new CookieStore();
    $state_handler = new TransientStoreHandler($transient_store);
    $state_value = $state_handler->issue(Auth0::TRANSIENT_STATE_KEY);

    $auth0_api = new Authentication(
        getenv('AUTH0_DOMAIN'),
        getenv('AUTH0_CLIENT_ID')
    );

    // Generate the authorize URL.
    $authorize_url = $auth0_api->get_authorize_link(
        // Response requested by the application.
        'code',
        // Callback URL to respond to.
        getenv('AUTH0_REDIRECT_URI'),
        // Connection to use, null for all.
        null,
        // State value to send with the request.
        $state_value,

In your error handling, you can build out the authorize link if those error params are present.

konrad.sopala · August 29, 2019, 8:38am