Auth0 failure messaging


(Alonza Spain) #1

We are using Auth0 for authentication and assigning permissions to access separate documentation. The failed login messages being returned when a user does not have permissions are misleading and confusing. It appears that all failure statuses are being displayed as a generic message to the user. The message is also unfavorable to whitelisting. The suggestion is to pass through the actual message description from Auth0.

Stoplight Auth0 generic message: Invalid Auth0 Credentials

Auth0 message description: You do not have the required role to access Developer Center.


(Taylor Barnett) #2

Hey @alonza.spain, this is great feedback. I’ll make sure to open up a ticket to work on improving this in a future sprint.


(Alonza Spain) #3

Hi Taylor - any idea on when this suggestion may become a reality? There are several rules we have initiated within Auth0 to authenticate users into the appropriate applications along with additional rules we want to implement in the future. Unfortunately, the generic messaging has increased the level of support we have to provide our end users by manually or verbally delivering the authentication failure reason.


(Taylor Barnett) #4

Sadly, it did not make it into the current sprint. I’ll try to see how much work it would be to get into the next sprint; hopefully it wouldn’t be much.