Hi @aledev,
Thank you for the clarification and update.
After looking into this, it seems that using Identifier First with Passwordless is leading to this behavior where the error is not shown. This is by design to prevent user enumeration attacks by not exposing a legitimate user’s email address.
Let me also add that you can check your Auth0 Logs to see what actually happens when a user is prevented from logging in. In this scenario, you should expect a Failed Login log event with the “Failed to send email notification” error description.
I hope the explanation was clear!
Please let us know if you have any additional questions.
Thanks,
Rueben