I have multiple apps in my Auth0 tenant. I have restricted user access to these apps using Actions, i.e. not every user has access to all the apps. I am using passwordless login and Next.js.
When a user logs in to an application for which he doesn't have access, the onExecutePostLogin action is executed and it throws an error (access denied); this is as expected. Now, let's say the user logs into the second application, which he has access to, and then navigates back to application 1 (which he doesn't have access to): he is logged in now.
I am testing this setup on localhost. Not sure if, as it's the same domain, the user is being logged in. I have tried validating using checkSession too, but it doesn't seem to be working.
What am I missing here? Any inputs?
Thanks in advance.