User in a Redirecting Loop after Account is Manually Blocked

Overview

After a user is blocked via the tenant Dashboard, the user enters a redirection loop to the login page.

Applies To

  • Blocked Users
  • Redirection Loop

Cause

When a user is blocked, Auth0 returns the following to the application’s callback URL:

https://<callback URL here>#error=unauthorized&error_description=user%20is%20blocked

If the application automatically redirects unauthenticated users, or any response that contains an error, to the /authorize endpoint, looping can occur.

Solution

Applications should be implemented to handle errors returned from Auth0 and render appropriate information to the user; in most scenarios, automatically redirecting to the /authorize endpoint in the event of an error will lead to the same error occurring and starting a loop.
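As an added illustration (not code from Auth0 or its quickstarts), a framework-agnostic callback handler that renders the error instead of redirecting could look like the following. The function names, the message table and the app.example.com URL are assumptions made for the example.

```javascript
// Added example. parseCallbackError, decideNextStep and FRIENDLY_MESSAGES are
// hypothetical names, not part of any Auth0 SDK.

// Custom wording keyed by the error_description returned on the callback.
const FRIENDLY_MESSAGES = new Map([
  ["user is blocked",
   "Your account has been blocked. Contact your administrator for help."],
]);

// Extract error / error_description from the callback URL. The page's example
// carries them in the fragment; the query string is checked too, since
// OAuth 2.0 authorization-code responses use it.
function parseCallbackError(callbackUrl) {
  const url = new URL(callbackUrl);
  for (const raw of [url.hash.slice(1), url.search.slice(1)]) {
    const params = new URLSearchParams(raw);
    const error = params.get("error");
    if (error) {
      return { error, description: params.get("error_description") || "" };
    }
  }
  return null;
}

// Decide what the callback page does. An error always wins: it is rendered and
// the user is never sent back to /authorize, which is what breaks the loop.
function decideNextStep(callbackUrl, isAuthenticated) {
  const err = parseCallbackError(callbackUrl);
  if (err) {
    // The description comes from the URL, so whoever crafts the link controls
    // it. Display it as plain text (e.g. element.textContent), never as HTML.
    const message =
      FRIENDLY_MESSAGES.get(err.description) ||
      err.description ||
      `Login failed (${err.error}).`;
    return { action: "render_error", error: err.error, message };
  }
  if (!isAuthenticated) {
    return { action: "redirect_to_authorize" };
  }
  return { action: "continue" };
}

// Constructed sample callback URL, following the format shown on this page.
const sample =
  "https://app.example.com/callback#error=unauthorized&error_description=user%20is%20blocked";
console.log(decideNextStep(sample, false));
```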

Upon receiving an error on the callback URL, the application should be coded to render an error message to the user based on the error description returned, customizing the wording if desired. A list of the standard errors can be found starting here:

As a basic example, the React quickstart checks for the presence of an error in the application’s state; then, using the SDK’s built-in error class, it renders the message on page load instead of the usual page and does not attempt to log the user in again:

If using a different framework, check out the relevant Auth0 quickstart to see how it handles errors to use as a starting point: