Rails access_denied error - unable to authorise users. + Auto-login issue

We have two live issues on our enterprise rails platform.

This is using omniauth-auth0 (3.0.0) and omniauth-rails_csrf_protection (1.0.0)

1.) When a new user clicks ‘login’ and enters their credentials, they are immediately redirected back to the login page with an error: Warning access_denied | Unauthorised email address. How do we give users authorisation?

Note: there is no “Authorize this app” page after providing the credentials. As soon as the user puts in their email and password and clicks submit, they are redirected back to our website.

The server log message is:

Started GET "/backoffice/auth0/callback?error=access_denied&error_description=[FILTERED]&state=..."
E, [2022-02-21T10:56:49.694673 #59158] ERROR -- omniauth: (auth0) Authentication failure! access_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied | Unauthorised email address: [EMAIL]
Processing by Backoffice::Auth0Controller#failure as HTML
  Parameters: {"error"=>"access_denied", "error_description"=>"[FILTERED]", "state"=>"90f8c5cda16579cae904ac21661b24179311c27dc7c4d89c"}
Auth0 Error: access_denied | Unauthorised email address: [EMAIL] excluded from capture: DSN not set
Redirected to http://localhost:3000/backoffice

2.) After the user has logged in once (and failed), then subsequent attempts to log in don’t give the user the choice of which email to use, and instead instantly redirect back to the login page.

If it helps, here are the relevant pieces of code:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    ENV['AUTH0_CLIENT_ID'],
    ENV['AUTH0_CLIENT_SECRET'],
    ENV['AUTH0_DOMAIN'],
    callback_path: '/backoffice/auth0/callback',
    authorize_params: {
      scope: 'openid profile'
    }
  )
end

OmniAuth.config.allowed_request_methods = [:post]
OmniAuth.config.on_failure = Backoffice::Auth0Controller.action(:failure)

module Backoffice
  class Auth0Controller < Backoffice::ApplicationController
    def index
      redirect_to backoffice_dashboard_index_path if helpers.admin_signed_in?
    end

    def logout
      audit!(action: :logout)
      session.delete(:backoffice_userinfo)

      redirect_to helpers.admin_logout_url
    end

    def callback
      # OmniAuth places the User Profile information (retrieved by omniauth-auth0)
      # in request.env['omniauth.auth'].
      # Refer to https://github.com/auth0/omniauth-auth0#auth-hash for complete
      # information on 'omniauth.auth' contents.
      #
      session[:backoffice_userinfo] = request.env['omniauth.auth']

      redirect_to backoffice_dashboard_index_path
    end

    def local_auth
      raise 'For development use only' unless helpers.auth0_bypass_in_local?

      request.env['omniauth.auth'] = { info: { name: 'Test User' } }
      callback
    end

    def failure
      error = request.env['omniauth.error']

      Raven.capture_exception(
        RuntimeError.new("Auth0 Error: #{error.message}")
      )

      redirect_to backoffice_path, flash: { alert: error.message }
    end
  end
end
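The callback in the log above arrives with `error=access_denied`, an `error_description` and a `state`, and the OAuth2 strategy underneath omniauth-auth0 decides from those three parameters whether to fail or to continue to the token exchange. The following is an added, framework-free example (not code from the post above, from omniauth-auth0 or from Auth0) that applies the same two checks to such a callback URL: it compares `state` with the value the application stored before redirecting to Auth0, then classifies the provider's `error` code and builds a log line with any email address in `error_description` redacted, so that the application log does not carry the PII that the `Parameters:` line already filters. The module name `CallbackTriage`, the `expected_state` keyword and the URL in the usage call are assumptions constructed for the example.

```ruby
# Added example, not part of the original post: triage of an OAuth2 callback
# as sent to /backoffice/auth0/callback, using only the Ruby standard library.
require 'uri'
require 'cgi'

module CallbackTriage
  # Error codes a provider may return instead of a code (RFC 6749, 4.1.2.1).
  OAUTH_ERRORS = %w[invalid_request unauthorized_client access_denied
                    unsupported_response_type invalid_scope server_error
                    temporarily_unavailable].freeze

  Result = Struct.new(:outcome, :error, :log_line, keyword_init: true)

  # Replace anything that looks like an email address before logging.
  def self.redact_email(text)
    text.to_s.gsub(/[^\s@:]+@[^\s@]+/, '[EMAIL]')
  end

  # expected_state: the nonce stored in the session before redirecting to the
  # provider. A missing or different value means this callback was not started
  # by this session (CSRF or a stale/replayed request), so it is rejected
  # before the error or code parameters are even looked at.
  def self.triage(callback_url, expected_state:)
    query = URI(callback_url).query.to_s
    params = CGI.parse(query).transform_values(&:first)

    state = params['state'].to_s
    if state.empty? || state != expected_state.to_s
      return Result.new(outcome: :csrf_detected, error: 'csrf_detected',
                        log_line: 'Authentication failure! csrf_detected: state mismatch')
    end

    if params.key?('error')
      code = params['error']
      outcome = OAUTH_ERRORS.include?(code) ? :provider_denied : :unknown_error
      desc = redact_email(params['error_description'])
      return Result.new(outcome: outcome, error: code,
                        log_line: "Authentication failure! #{code}: #{desc}")
    end

    if params.key?('code')
      # Only here would the strategy exchange the code for tokens.
      return Result.new(outcome: :code_received, error: nil,
                        log_line: 'Authorization code received; exchanging for tokens')
    end

    Result.new(outcome: :malformed, error: nil,
               log_line: 'Callback carried neither code nor error')
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the shape of the failing callback from the log above.
  url = 'http://localhost:3000/backoffice/auth0/callback' \
        '?error=access_denied&error_description=Unauthorised%20email%20address%3A%20alice%40example.com' \
        '&state=abc123'
  puts CallbackTriage.triage(url, expected_state: 'abc123').log_line
end
```

Running the file prints a log line that names the error code but shows `[EMAIL]` in place of the address; the same URL checked against a different `expected_state` yields `:csrf_detected`, which is the case the `omniauth-rails_csrf_protection` gem and the strategy's own state check exist to catch, and a URL carrying `code` instead of `error` yields `:code_received`.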

Having this exact problem.