Problem statement
When using New Universal Login with Identifier First and SMS passwordless connection, if a pre-user-registration action blocks access with api.access.deny(), the action triggers but the login page shows no error to the user, and the flow continues asking for the sms code, as if it was successful. The same occurs with passwordless email login attempts.
Solution
This is a known issue that the Auth0 engineering team intends to address. However, the timing of the fix release has not yet been determined.