UnauthorizedErrors are not received in lock widget callbacks

[udayakr]

We developed android application and its under beta testing. Here is the scenario which is failing.
When user has not verified email id and is trying to login via android app (uses auth0 lock widget). Lock widget is not recieving callbacks from the auth0 eventhough we have created a rule (Force email verification).
Hence our android app is not able to take user to corresponding screen (resend email verification screen

Describe the problem

We have creted "Force email verification" rule in auth0. When user whose email is not yet verified is trying to login via android lock widget to auth0, the callback is not called by passing UnauthorizedError object we are throwing in auth0 Rule

What was the expected behavior?

the callback should contain the UnauthorizedError object and that should be passed back to android lock widget

This functionality is working for IoS mobile lock widget and webclient (javascript using react js) lock widget.
This certainly looks to be an issue with handling errors in android lock widget code of auth0

[lbalmaceda]

👋 @udayakr thanks for raising this. In case of a "rule error", what the library will do today is take the error message that you return from the rule code and display that in the orange toast that appears on the top. You could add a message like "email not verified" for the user to notice that.

Other errors that we also handle internally are invalid username/password, invalid mfa token, password not strong enough, user is blocked, etc. Think of those that today rely on this banner appearing showing the message they've defined from the rule code; that would no longer be shown and the exception would be raised through the callback and they would not be expecting that. As you may notice, a change in the way we handle errors could pose a breaking change for existing customers.

Lock libraries are meant to simplify these use cases and handle some of the errors the server returns. While I agree consistency across platforms is ideal, for the current major of this library, this change is not possible. You can always take Auth0.Android, the SDK this library uses internally, and customize your experience.

[udayakr]

@lbalmaceda Thanks for your response. Can you tell me the file name which has source to customize for our requirements ?
is Auth0.Android is the filename ?

[lbalmaceda]

This library (Lock.Android) makes use of the Auth0 SDK for android (Auth0.Android) to perform API calls. What I said above is that if you'd like this feature today, you can either:

a. Fork this repository (Lock.Android) and update it to handle the error to fit your specific use case. That would be something similar to what we do here to handle MFA errors. Note that there are 3 callback implementations: log in, sign up, and web authentication. Check which one would apply to your use case. Also, remember that if you fork the repository you are responsible for pulling the changes we will keep introducing to the library.

b. Construct your own UI and use the SDK (auth0.android) to make the API calls. You can find docs along with some snippets in the SDK repository. We also have quickstarts that explain the basic setup and web authentication.

I hope that helps.

[lbalmaceda]

This change will be available in the next major version which is actively being developed.

[lbalmaceda]

Fixed with #618