I’ve successfully integrated Auth0 into my Vue app following these steps. I’ve also restricted email domains following this instruction.
This works fine until a user signs in with an email that is not whitelisted. After an unauthorized sign-in, I’m guessing that a session is still created because it is a valid Google account. Then, the whitelist rule steps in and prevents authentication (meaning $auth.isAuthenticated still returns false). When the user tries to sign in again, they’re unable to access Auth0’s sign-in page again and are returned to https://localhost:<PORT>/?error=access_denied&error_description=Access%20denied.&state=<STATE> and they’re not redirected to any Auth0 error page.
I did some testing. If I were to $auth.logout({returnTo: window.location.origin}); after signing in with a non-whitelisted email, I can sign in again. Otherwise, clearing sessions/cookies locally will still prevent me from signing in again. Adding a logout button means an extra step for the user, so it is not an ideal solution.
Is there a way to prevent a session from being created if it is a non-whitelisted email domain? If not, it’s fine. I just need to make sure the user is able to access the Auth0 sign-in page again and re-sign in after authentication is prevented because of a non-whitelisted email domain.
Do you have any suggestions on how to achieve the desired behavior? Please help this newbie out with plain explanations.
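
One way to automate the logout workaround described in the post, as an added example that is not part of the original post or Auth0's own code: it inspects the callback URL and, on `error=access_denied`, calls the same `logout({ returnTo })` the poster used by hand. `parseAuthError`, `handleAuthCallback`, the returned object shape, and the sample URL are assumptions made for this sketch; `auth` stands in for the app's `$auth` object.

```javascript
// Added example. `auth` is any object exposing logout({ returnTo }),
// as $auth does in the post. Function names here are hypothetical.

// Extract the error fields from a callback URL; null when the URL carries no error.
function parseAuthError(href) {
  const params = new URL(href).searchParams;
  const error = params.get('error');
  if (!error) return null;
  return {
    error,
    description: params.get('error_description') || '', // percent-decoded by URLSearchParams
    state: params.get('state'),
  };
}

// Decide what to do with a callback. Only access_denied triggers the logout,
// so other errors are surfaced to the user instead of being hidden by a redirect.
function handleAuthCallback(href, auth) {
  const failure = parseAuthError(href);
  if (!failure) return { action: 'none' };
  if (failure.error !== 'access_denied') {
    return { action: 'show_error', message: failure.description || failure.error };
  }
  // returnTo is the bare origin, so the error parameters are gone after the
  // round trip and the handler does not fire again (no redirect loop).
  const returnTo = new URL(href).origin;
  auth.logout({ returnTo });
  return { action: 'logout', returnTo, message: failure.description };
}

// Constructed sample callback URL and a stub standing in for $auth.
const sampleUrl =
  'https://localhost:8080/?error=access_denied&error_description=Access%20denied.&state=abc123';
const stubAuth = { calls: [], logout(opts) { this.calls.push(opts); } };
console.log(handleAuthCallback(sampleUrl, stubAuth));
```

In the Vue app this would run once when the page loads, with `window.location.href` and `$auth` as arguments. The denial message does not survive the logout redirect, so store it (for example in `sessionStorage`) first if the user should see why sign-in failed.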