I encountered an issue in testing that I don’t want customers to experience in production. If I get to the MFA page after entering valid credentials for the wrong user, I cannot go back and change to a different user. There is no back button on the MFA page, and closing the browser window and attempting to log in again takes me straight to the MFA page.
We expect our users to often use shared computers, so I wouldn’t be surprised if this actually happened to someone. How do you cancel a login once the MFA page is already reached, and can this be made more clear?
-
I go to my webpage, click login, and it redirects to auth0, as intended.
-
I enter my credentials, hit enter, and am redirected to MFA, as intended.
-
There is no option to cancel this login on the MFA window, so I closed the window and navigated back to my app.
-
I click the login button again, and when I’m redirected to the login page, I am presented with the MFA window immediately, with no request for email/password.