Open Closed

Message not displayed for users who are inactive in external provider #9545


User avatar
0
ademaygun created
  • Steps to reproduce the issue:
  • Login with admin
  • Go to Settings ->Account -> External providers enable google provider
  • Passive a user that you can log in with an external provider(google) and try to log in with that user via Google.

I activated the Google external provider in one of my projects. If the user logs in with a local login when isActive=false, the warning "You are not allowed to log in! Your account is inactive or needs to confirm your email/phone number" is given. If the same user logs in with Google, they stay on the login page but the same warning message should come but it does not.


8 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent

    To ensure that the same warning message ("You are not allowed to log in! Your account is inactive or needs to confirm your email/phone number") appears for both local and external (Google) logins when a user is inactive, you need to implement user status validation in the external login flow as well.

    In ABP, the local login typically checks user status in the LoginModel. For external providers, you should override the external login callback to perform the same validation. Here’s how you can do it:

    1. Override the External Login Callback
      In your LoginModel (or equivalent for external login), override the method that handles the external login callback. After retrieving the user from the external provider, check the IsActive property (or your custom status logic).

      public override async Task<IActionResult> OnGetExternalLoginCallbackAsync(string remoteError = null)
      {
          // ... existing code to get externalLoginInfo and user
      
          var user = await UserManager.FindByLoginAsync(externalLoginInfo.LoginProvider, externalLoginInfo.ProviderKey);
      
          if (user != null && !user.IsActive)
          {
              Alerts.Danger("You are not allowed to log in! Your account is inactive or needs to confirm your email/phone number");
              return Page();
          }
      
          // ... continue with the normal flow
      }
      
    2. Angular UI Handling
      Make sure your Angular UI displays the error message returned from the backend. The ABP Angular template typically shows backend validation errors as toasts or inline messages.

    3. Consistent Validation
      Ensure that both local and external login flows use the same validation logic for user status. This avoids discrepancies in user experience.

    4. Customizing the Error Message
      If you want to customize the error message or localization, use the Alerts.Danger method or equivalent in your overridden method.

    This approach ensures that inactive users receive the same warning regardless of the login method.

    Sources:


    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    ademaygun created

    Hi, I think this is a bug, so it would be better if you solve this issue.

  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    I activated the Google external provider in one of my projects. If the user logs in with a local login when isActive=false, the warning "You are not allowed to log in! Your account is inactive or needs to confirm your email/phone number" is given. If the same user logs in with Google, they stay on the login page but the same warning message should come but it does not.

    Hi, thanks for the update. Just to clarify, although there's no warning message, are you successfully logged in? Or is the issue purely visual, where the login works as expected but the UI doesn't reflect it (i.e., no success or warning messages displayed)?

    Could you please confirm whether the problem is related only to the UI feedback or if the authentication itself is not functioning?

  • User Avatar
    0
    ademaygun created

    Hi Engincan, It did not allow login (this is expected behavior) only this warning message did not come. (MVC UI- Authorization Code Flow)

  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    [ademaygun] said: Hi Engincan, It did not allow login (this is expected behavior) only this warning message did not come. (MVC UI- Authorization Code Flow)

    Okay, thanks for the clarification. I'll check this and write you back.

  • User Avatar
    1
    EngincanV created
    Support Team .NET Developer

    Update: I'm able to reproduce this problem and created an internal issue (#20272).

  • User Avatar
    1
    ademaygun created

    Hi Engincan, While you're at it, if you could change the Google logo as in the link, it would be more standard, thank you. replace with

  • User Avatar
    1
    berkansasmaz created
    Support Team .NET Developer

    Hi Ademaygun,

    Thank you for your recent valuable feedback. I will open a separate issue to track this(#20294). We will proceed with using the suggested logos for Google and other popular options.

    Closing this issue now. Feel free to re-open it or create a new one if you have further questions.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 07, 2025, 05:59