Reusing test IDs across multiple users causing login issues


We are trying to do testing of our application using a couple users registered in Auth0 using a single email address with “+” signs to differentiate (e.g. someone+admin1@gmail, someone+admin2@gmail, etc.). We do this to simplify our testing (uses one single mailbox in Gmail) while allowing for multiple separate accounts in Auth0.

The behavior we continue to see is the constant need to reset the password on the Auth0 account every time someone else wants to login with that email address. The password hasn’t been changed but the new user sees “Invalid email address or password” while trying to login through Auth0 universal login page. Is this a byproduct of sharing IDs, using “+” gmail aliases, or something else?

It feels like there is a hidden risk assessment going on in Auth0 that detects the login coming from a different IP or location (our testers are working remotely around the US right now).

Any light anyone can shed would be helpful.


Hey @dlawless - welcome back to the Auth0 Community!

Can you DM me the name of your tenant? I’d like to look into this a bit further, maybe there’s some info I could dig up.


Hi again, @dlawless,

I can’t find anything on my end that I would strike as odd. This is a model that I personally use for testing too without issues.

Could it be that someone else is accidentally changing the password? There is a last_password_reset property within each user, which you can see in the Dashboard, and you can use to check that no one else has changed the password.

Otherwise, the only thing that comes to mind is Anomaly Detection, which would trigger after 10 incorrect login attempts.

Let me know if this leads somewhere, or if you have a specific scenario you’d like to explore - maybe some steps to reproduce so that I can do it in my own tenant as well. I have a Gmail account so I can try the + model :slight_smile: