Callback UnauthorizedError not deleting auth0 cookie for a domain

We have this snippet of code in an Auth0 rule to check if the given user is inactive. This functionality is part of our application where user access is disabled for a specific resource.
When an inactive user tries to log in to our Java Web App, the rule is invoked and a callback with an UnauthorizedError is returned. In our CallbackController, we see this error and show the user an error saying they are not allowed to log in at this point.
But now I want to get back to the login screen to log in as a different user, but we keep getting redirected to the error page. The reason this is happening is as follows:
When a user logs in with their credentials, Auth0 creates a cookie named “auth0” for that domain. But when we throw the UnauthorizedError, it doesn’t delete this cookie, causing this behavior of repeated display of the error page.

Here is the rule snippet:
if (userInfo.status === 'INACTIVE') {
  return callback(new UnauthorizedError('inactive_user'));
}

If we manually delete this cookie from the browser, the login page is displayed as expected.
Why is Auth0 not clearing this cookie when UnauthorizedError is thrown?
How do we resolve this?

Many thanks


Hey @yshridhare !

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided from the community as to the existence of the issue, we would like to check if you are still facing the described challenge.

We are more than happy to assist in any way! If the issue is still out there, please let us know so we can create a new thread for better visibility; otherwise we’ll close this one in a week’s time.

Thank you!

This topic was automatically closed after 5 days. New replies are no longer allowed.