While we were migrating from Legacy Lock API to universal hosted page route. Once we completed all the migration as per docs we checked the logs there was no depreciation notices. Then as a last step we toggled the legacy lock API settings to disable. We started getting error for user login" Wrong email or password " . We reenabled the legacy API settings and it started working. Finally we looked at our hosted pages and by mistake “allowedConnections” paramter twice with different values. Problem is neither in logs nor anywhere it was indicating this. We just happened to redo our Universal login page again and got it working. Hope this helps someone else facing similar issue in the community. Thanks.