Hi,
We have a SPA that uses auth0-react for handing authentication. Our login has a Post Login action that sets
{PostLoginAPI} api api.access.deny(message)
if the user does not have access tot the requested audience.
We show this message to the end user in react, but unfortunately the user is technically still logged in (in the auth0 login domain) so Auth0 not present the Login dialog again.
I would actually expected that the user would get an error message in the auth0 dialog box if we set api.access.deny(message)
The only way to get out of this seems to be to remove the cookies voor for the login domain (so the user can log in again with another (proper) account.
Is there any way we can make the experience more user friendly if users use the wrong account to log in?
Robert