Stuck in 2FA screen forever

When a user logs in to the application using some random email (i.e. the email is not yet registered as a user), my application sends an OTP to their email via Auth0. I have also enabled Phone SMS MFA, hence after entering the OTP from the email, the user is redirected to enroll for Multi-Factor Auth.

In this screen, when the user enters the phone number and OTP, Auth0 cannot log in that user since it’s not present in the system, and redirects the user back to the MFA screen, instead of fully logging out the user. There is no way to change the email now and the user is stuck in the MFA screen forever. What should be done in this case? How can we properly log out the user if a non-existent email tries to log in?

Hi @sulav,

Unfortunately, this is a known issue. We have a workaround described in this thread.

Let me know if that provides any insight, or if you have any other questions.

Thanks,
Dan