Passwordless New Universal Login doesn't halt on Pre-registration Action api.access.deny

When using a Pre-registration action, e.g. to validate the user’s email, after we set the access to deny (api.access.deny(‘deny_reason’) , the passwordless universal login proceeds showing the user an input field to enter the OTP code and a button to resend the code (although it correctly doesn’t send the OTP email/sms).

I know this is a known issue , but i’m wondering if a) the Auth0 team will release a fix soon and b) whether anyone has a workaround to continue using passwordless + email-validation without showing the OTP input fields/messages in the UI?

I’ve tried to trick auth0 to show it’s own ‘Email is not valid.’ error alert by setting = “invalid_email@invalid” instead of api.access.deny(), but unfortunately it doesn’t help.

Many thanks in advance!

For anyone curious, this is how the bug manifests. The UI elements related to the OTP code should not be shown, because the custom Pre-Registration action blocked it with api.access.deny(‘denyReason’).

@Auth0: this is a super embarrassing silly bug, when can we expect a fix please?

Same here - is there some kind of timeline for this? It’s been 4 months since the original issue