Add feature to display custom error messages from rules

[rolodato]

To reproduce, create a rule with the following content:

function (user, context, callback) {
  callback(new UnauthorizedError('Custom error message here'));
}

Custom error message is being returned but not shown:

Also, the error message being displayed is "Wrong email or password", which is incorrect.

[abgit]

👍 +1

[dhiva]

I tried doing the same to check email verification before allowing signin into the application.

function (user, context, callback) {
  if (!user.email_verified) {
    return callback(new UnauthorizedError('Your email is not verified yet.'));
  } 
  callback(null, user, context);
}

I get "server error" error which is too generic and the message I set in rules doesn't seem to be displayed.

[jculverwell]

I created this question on the same topic https://ask.auth0.com/t/force-email-verification-error-message/1145

It's been a while since this was first raised. Is this something that Auth0 plan to implement? Without it - it seems to negate the the use of rules as a way of introducing additional authentication logic.

Thanks

Jim

[rolodato]

Yes, this is coming soon. Authentication logic from rules is still usable because custom errors can be parsed by your application (not yet by Lock). Stay tuned!

[cristiandouce]

@jculverwell @dhiva This was implemented in the latest auth0/lock@v7.8.0

[bryanvaz]

Hi we could use this as well. We are currently using a custom rule to block blacklisted domains (see below), however we want the lock widget to display our error message instead of redirecting the user to an error page (this behavior is causing attrition on our site).

Rule Code:

function (user, context, callback) {
    var blacklist = ['gmail.com', 'example.org']; //authorized domains
    var userMayBeDenied = blacklist.some(
      function (domain) {
        var emailSplit = user.email.split('@');
        return emailSplit[emailSplit.length - 1].toLowerCase() === domain;
      });
    if (userMayBeDenied) {
      return callback(new UnauthorizedError('Personal email addresses are not allowed. Please use your company email to register.'));
    }
    return callback(null, user, context);
}

Cheers,

[gnandretta]

@bryanvaz Hi! could you please provide more details so we can track this down

• How are you constructing and showing the Auth0Lock instance?
• What is the connection's strategy that causes the issue?

I've tried with several connection and I was not able to replicate the issue.
Thank you for your help.

[jmarbutt]

This is closed but how did it get solved? How can we show custom rule error messages in the lock for web?

[cristiandouce]

@jmarbutt whenever you return something like

return callback(new UnauthorizedError('Your custom error message.'));

from a rule context. it will be displayed in Lock.

[yogipatel]

@cristiandouce Is that true in redirect mode as well?

[cristiandouce]

@yogipatel no. I asume you mean this issue then: /issues/637
Which was fixed by /pull/639.