Hi,
I’ll describe the problem again:
Scenario:
- A user has two google accounts - Account-X and account-Y.
- He open Gmail of Account X on his browser
- Account X does not exist in the system -only Account Y
- He would like to log in with his Google Account Y
- He Clicks on the Google icon at the LOCK
- Since his browser was already logged in to Account X, Google does not ask for credentials and logs him immediately with account X
- Our application gets from Auth0 the information that this account passed authentication
- Since this account does not exist in the system, our app treat it as a new signup and provision tenant to the user instead of erroring out as “non-existing user”
I was expecting that if I’m in the login tab of the LOCK and logging in with Google, Auth0 will not pass the login if the user doesn’t exist.
Google will approve the authentication, but Auth0 should reject it.