diff --git a/apps/core/src/components/affine/auth/sign-in.tsx b/apps/core/src/components/affine/auth/sign-in.tsx
index 88e8402937..87ee60404f 100644
--- a/apps/core/src/components/affine/auth/sign-in.tsx
+++ b/apps/core/src/components/affine/auth/sign-in.tsx
@@ -3,12 +3,13 @@ import {
   CountDownRender,
   ModalHeader,
 } from '@affine/component/auth-components';
-import { getUserQuery } from '@affine/graphql';
+import { type GetUserQuery, getUserQuery } from '@affine/graphql';
 import { Trans } from '@affine/i18n';
 import { useAFFiNEI18N } from '@affine/i18n/hooks';
 import { useMutation } from '@affine/workspace/affine/gql';
 import { ArrowDownBigIcon, GoogleDuotoneIcon } from '@blocksuite/icons';
 import { Button } from '@toeverything/components/button';
+import { GraphQLError } from 'graphql';
 import { type FC, useState } from 'react';
 import { useCallback } from 'react';
 
@@ -56,7 +57,25 @@ export const SignIn: FC<AuthPanelProps> = ({
     }
 
     setIsValidEmail(true);
-    const { user } = await verifyUser({ email });
+    // 0 for no access for internal beta
+    let user: GetUserQuery['user'] | null | 0 = null;
+    await verifyUser({ email })
+      .then(({ user: u }) => {
+        user = u;
+      })
+      .catch(err => {
+        const e = err?.[0];
+        if (e instanceof GraphQLError && e.extensions?.code === 402) {
+          setAuthState('noAccess');
+          user = 0;
+        } else {
+          throw err;
+        }
+      });
+
+    if (user === 0) {
+      return;
+    }
     setAuthEmail(email);
 
     if (user) {
diff --git a/apps/server/src/modules/users/resolver.ts b/apps/server/src/modules/users/resolver.ts
index f7e629030c..b67516ffb4 100644
--- a/apps/server/src/modules/users/resolver.ts
+++ b/apps/server/src/modules/users/resolver.ts
@@ -1,7 +1,7 @@
 import {
   BadRequestException,
   ForbiddenException,
-  HttpException,
+  HttpStatus,
   UseGuards,
 } from '@nestjs/common';
 import {
@@ -15,6 +15,7 @@ import {
   Resolver,
 } from '@nestjs/graphql';
 import type { User } from '@prisma/client';
+import { GraphQLError } from 'graphql';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';
 
 import { PrismaService } from '../../prisma/service';
@@ -120,9 +121,14 @@ export class UserResolver {
   @Public()
   async user(@Args('email') email: string) {
     if (!(await this.users.canEarlyAccess(email))) {
-      return new HttpException(
+      return new GraphQLError(
         `You don't have early access permission\nVisit https://community.affine.pro/c/insider-general/ for more information`,
-        401
+        {
+          extensions: {
+            status: HttpStatus[HttpStatus.PAYMENT_REQUIRED],
+            code: HttpStatus.PAYMENT_REQUIRED,
+          },
+        }
       );
     }
     // TODO: need to limit a user can only get another user witch is in the same workspace