Google-oauth2 locks the user in an account when said account is denied access

I am having an issue with the login: a user denied by an Auth0 flow action with google-oauth2 is locked out of logging in as a different account.

The desired behaviour is as follows:

  • I attempt to log in to my site (which only has google-oauth2 authentication)
  • I am redirected to the Auth0 login screen.
  • I log in as UserA
  • An Auth0 Flow Action fires, and UserA is not allowed access, using some code like api.access.deny("not allowed");
  • It shows me the error “not allowed”
  • I attempt to log in to my site again.
  • I am redirected to the Auth0 login screen.
  • I log in as UserB.
  • UserB has access, so he is redirected back to the site.

What actually happens:

  • I attempt to log in to my site.
  • I am redirected to the Auth0 login screen.
  • I log in as UserA
  • An Auth0 Flow Action fires, and UserA is not allowed access.
  • It shows me the error “not allowed”
  • I attempt to log in to my site again.
  • It shows me the error “not allowed”. This is the undesired behaviour, since it does not let me change the email used to log in, even though I am not logged in.

In order to “fix” this I have to clear browser data, specifically in Chrome “Cookies and other site data”. Since I tried clearing the cookies manually without success, I assume it is the “other site data” which is relevant. Is there a workaround for this?

Did you ever find out a fix for this?