Hi - We’re using the auth0-nextjs sdk to enable logins in our nextjs app. We have some custom behavior - a post-login action that calls our api to check whether a given user should have access or not, and a custom handler for the /api/auth/callback route that routes the user to a specific page (call it /post-signup) within our app if the route receives a specific message with the login denial. We also have some state management on the post-signup page so that when the user reloads the page, it redirects the user to the /login route, so the user can use the cookie/token they got from the previous login attempt to check if we’ve granted them access and they can successfully log in. In dev, when the user reloads the post-signup page, they see a quick flash while they’re redirected to the login route, and then they land on the post-signup page again, or they’ll see our home page if they have an access grant.
The issue we’re having is with the last step - it works fine in our dev tenant, but in prod, after a denied login, the user lands on the post-signup page. But when we redirect the user to the login route, they end up on the universal login form. Why do we end up with a cookie that’s usable for login after a denied login in dev, but not in prod? Is there any way to make prod behave the same way as our dev tenant?
For reference, this issue describes an aspect of the behavior that we want: Cannot get back to login screen after getting denied by post-login action