Hi @neill_0,
Welcome to the Auth0 Community!
I understand that you have experienced issues with exiting the Post Login Action when using the api.access.deny() method.
First, to address your questions:
Yes, this is correct and the expected behavior.
No, the api.access.deny() method will exit the Action flow and show the error message to the user.
The api.access.deny() is the correct method to exit a flow from an Action.
After testing this myself, I could not reproduce the same observations as you. Instead, I was able to exit the Action flow successfully. I checked this using the Real-time Webtask Logs extension with two additional Action scripts to print a message before and after the Deny Action script to verify the behavior.
In this situation, I would recommend using the Real-time Webtask Logs Extension to troubleshoot your Action scripts.
To add on, I have checked your Action scripts on your Tenant and can see the scripts you mentioned and see no visible issues with them. I would expect the Action to exit as usual when it reaches your conditional statements.
I hope this helps!
Please let me know how things go and if you have any further questions.
Thanks,
Rueben