I am having an issue with the login, which locks a user who was denied by an Auth0 Flow Action (with google-oauth2) out of logging in as a different account.
The desired behaviour is as follows:
- I attempt to log in to my site (which only has google-oauth2 authentication)
- I am redirected to the Auth0 login screen.
- I log in as UserA
- An Auth0 Flow Action fires, and UserA is not allowed access, using some code like:
    api.access.deny("not allowed");
- It shows me the error “not allowed”
- I attempt to log in to my site again.
- I am redirected to the Auth0 login screen.
- I log in as UserB.
- UserB has access, so he is redirected back to the site.
What actually happens:
- I attempt to log in to my site.
- I am redirected to the Auth0 login screen.
- I log in as UserA
- An Auth0 Flow Action fires, and UserA is not allowed access.
- It shows me the error “not allowed”
- I attempt to log in to my site again.
- It shows me the error “not allowed”. This is the undesired behaviour, since it does not let me change the email used to log in, even though I am not logged in.
In order to “fix” this I have to clear browser data, specifically in Chrome “Cookies and other site data”. Since I tried clearing the cookies manually without success, I assume it is the “other site data” which is relevant. Is there a workaround for this?