What does "access_denied" > "No Access" mean when trying to log in?

Hi. We’re running a custom login form that connects to a regular auth0 database connection for login. We can log in successfully with Google but when we try to log in with a user in the database we get the following error result:

Error: “access_denied”
Description: “No Access”

We’ve double checked that we have the right username and password (the login request works, and redirects us to our callback url). We’ve double checked the realm name (we get a 404 error if we don’t use the right database name.) We’ve checked that we have the right client ID. We can still log in with Google or another non-database method. None of the documentation explains what “No Access” means. Can someone help point me in the right direction?

Log entry of the failed login:

{
  "date": "2023-03-22T16:53:10.827Z",
  "type": "f",
  "description": "No access",
  "connection": "Regular-Database",
  "connection_id": "con_zyuWKeE5vbftrdFh",
  "client_id": "gEcLl7HKYfOReHoOfO4ifMAeIE0Z41hc",
  "client_name": "Client",
  "ip": "2001:569:be00:dd00:7cd7:4bb:b47a:2269",
  "user_agent": "Firefox 110.0.0 / Mac OS X 10.15.0",
  "details": {
    "body": {},
    "qs": {
      "state": "8rYvwdb9zv892XPtqVXaFgoe8pzpOoUH"
    },
    "connection": "Regular-Database",
    "error": {
      "message": "No access",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    },
    "session_id": "WsgM9eIm4oajcYQ4GRvNIM6agxz_nVSZ",
    "actions": {
      "executions": [
        "PzEmDivQS06N2EuQXZPBFzIwMjMwMzIy"
      ]
    },
    "stats": {
      "loginsCount": 17
    }
  },
  "hostname": "our-domain.auth0.com",
  "user_id": "auth0|6419f89c8ac1792a9a3b6fb5",
  "user_name": "username",
  "strategy": "auth0",
  "strategy_type": "database",
  "audience": "https://our-domain.auth0.com/userinfo",
  "scope": [
    "openid",
    "email",
    "profile"
  ],
  "log_id": "90020230322165313534202000000000000001223372039073226448",
  "_id": "90020230322165313534202000000000000001223372039073226448",
  "isMobile": false,
  "id": "90020230322165313534202000000000000001223372039073226448"
}

Hi @tgraboski,

Thanks for reaching out to the Auth0 Community!

I found the "Access denied" error coming from your “Check if user email domain matches configured domain” Rule. Specifically, on line 18, you are throwing this error for domains that are not whitelisted.

After looking closely at the logs, I confirmed that the user logging in was using a non-white-listed domain.

With that, I can confirm that the error is happening due to users logging in with non-whitelisted domains.

I hope this helps!

Please reach out again if you have any further questions.

Thanks,
Rueben

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.