I am trying to handle the following situation:
- I have 2 organizations: A and B.
- I have a user, M, that is a member of A but not B.
- M tries to login using their credentials for A but for B’s organization login page.
What is the proper way to handle this?
I would like to display a “wrong email and password” message on the login page as this user did not enter valid credentials for this organization, but this does not seem possible to do as the request continues through and the /callback endpoint in my application is then called by auth0, as if it were a successful login, except there is a payload that tells me this user does not belong to that organization. There does not seem to be a good way to redirect back to the universal login page for the organization and display an error message to this user now.
Any ideas?