Problem Statement
We have a post-login action that will use api.access.deny to block users if they try to log in with a certain email domain. They get redirected to an error page, but when they try to go back to the login screen to enter their correct credentials, they are immediately routed back to the error page. How can we get the login screen to reappear for these users?
Cause
The reason you’re being immediately redirected to your application’s callback URL is because Rules and Post-Login Actions execute after a successful login. So the user authenticates, is then blocked by your Rule or Action, and the access_denied response is returned to your application. This blocked user has an active Auth0 session.
Solution
To kill your session, you’ll need to redirect to the /v2/logout endpoint if you wish to attempt another login again; otherwise, Auth0 will see their session, execute the Action, and return them automatically to your Application’s callback with the access_denied error.