Hi,
We are using the New Universal Login.
When the user’s account is manually blocked through the Auth0 management UI, the user trying to log in with the blocked account ends up in a redirecting loop between our app and login page without any information or reading why they cannot log in.
At first sight, this evokes buggy behavior without clear reasoning for what is happening in the app from the user’s perspective.
We would assume that the behavior will be similar when the user is being blocked by brute force protection in which case the message with reasoning is shown in the login UI.
Are there best practices or recommendations for improving this experience for users with blocked account or should this be considered a bug?