Unsure how to map "UnauthorizedError" to actual route.

aspnet-core

#1

I am using ASP.NET Core 2.0 with JWT, and am trying to figure out how to get my users to see a page telling them to validate their email after registration.
I’ve added the custom rule, as seen below:

function (user, context, callback) {
  if (!user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  } else {
    return callback(null, user, context);
  }
}

But I don’t understand any of this. I can’t figure out what “UnauthorizedError” is supposed to be, in relation to my own site. I am having a hard time figuring out how to just get it to send them to [XYZ ROUTE] on my WebAPI to show them the actual page.

Is there any way I can accomplish this? I’ve read through the documentation ad nauseam and it’s just not making much sense to me.


#2

Assuming an OIDC configuration fairly similar to the ASP.NET Core 2.0 quickstart, the client application initiated an authorization code grant which, if completed successfully, will return a code parameter to the redirect URL so that it can be exchanged for tokens.

When you include a custom rule such as the one you showed, the UnauthorizedError triggered by the rule will fail the authentication request, which, translated to OIDC/OAuth 2.0 terms, means that the client application will now receive an error response instead of a successful authorization response containing the code parameter.

In addition, an error response according to OAuth 2.0 will contain a mandatory error parameter and optionally an error_description and error_uri. For the rule in question you will be getting error=unauthorized and error_description=Please verify your email before logging in.

If you then configure your client application to do something like:

options.Events = new OpenIdConnectEvents
{
    OnMessageReceived = context =>
    {
        if (context.ProtocolMessage.Error == "unauthorized")
        {
            context.HandleResponse();
            context.Response.Redirect("/Unauthorized");
        }

        return Task.FromResult(0);
    },
};

You can effectively redirect the end-user to a custom page when a protocol message is received containing an unauthorized error. You can further tweak the conditions; the above is just for illustration purposes.
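
An added example, not part of the reply above and not Auth0's own code: the error and error_description parameters reach the callback through the browser, so the handler below treats them as untrusted input and maps known error codes to fixed local routes instead of reflecting anything from the message. The class name and the /Account/... routes are hypothetical; the "unauthorized" code is the one described in the reply, and "access_denied" is the standard OAuth 2.0 error code.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class AuthErrorRouting
{
    // Allow-list of error codes -> fixed local routes (hypothetical paths).
    // Redirect targets never come from the protocol message itself.
    private static readonly Dictionary<string, string> ErrorRoutes =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            ["unauthorized"]  = "/Account/VerifyEmail",   // raised by the email_verified rule
            ["access_denied"] = "/Account/AccessDenied",  // standard OAuth 2.0 error code
        };

    // Generic page for any error code not in the allow-list (hypothetical path).
    private const string FallbackRoute = "/Account/LoginFailed";

    public static OpenIdConnectEvents Create() => new OpenIdConnectEvents
    {
        OnMessageReceived = context =>
        {
            var error = context.ProtocolMessage.Error;

            // No error parameter: a normal authorization response,
            // let the middleware continue with the code exchange.
            if (string.IsNullOrEmpty(error))
            {
                return Task.CompletedTask;
            }

            // error_description is attacker-controllable (anyone can craft a
            // callback URL), so it is not rendered or forwarded here. The
            // target page shows its own static text.
            if (!ErrorRoutes.TryGetValue(error, out var route))
            {
                route = FallbackRoute;
            }

            context.HandleResponse();          // stop further OIDC processing
            context.Response.Redirect(route);  // local, constant path only
            return Task.CompletedTask;
        }
    };
}

// Wiring, inside AddOpenIdConnect(...): options.Events = AuthErrorRouting.Create();
```

If the target page does need to show the text from error_description, HTML-encode it at render time rather than trusting it as markup.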


#3