Passwordless New Universal Login Shows No Error After Denying Access in Pre-Registration Action

Problem statement

When using New Universal Login with Identifier First and SMS passwordless connection, if a pre-user-registration action blocks access with api.access.deny(), the action triggers but the login page shows no error to the user, and the flow continues asking for the sms code, as if it was successful. The same occurs with passwordless email login attempts.


This is a known issue that the Auth0 engineering team intends to address. However, the timing of the fix release has not yet been determined.