We are trying to do testing of our application using a couple users registered in Auth0 using a single gmail.com email address with “+” signs to differentiate (e.g. someone+admin1@gmail, someone+admin2@gmail, etc.). We do this to simplify our testing (uses one single mailbox in Gmail) while allowing for multiple separate accounts in Auth0.
The behavior we continue to see is the constant need to reset the password on the Auth0 account every time someone else wants to login with that email address. The password hasn’t been changed but the new user sees “Invalid email address or password” while trying to login through Auth0 universal login page. Is this a byproduct of sharing IDs, using “+” gmail aliases, or something else?
It feels like there is a hidden risk assessment going on in Auth0 that detects the login coming from a different IP or location (our testers are working remotely around the US right now).
Any light anyone can shed would be helpful.