When you say
I can see that the user is verified
you are referring to this particular flag, right?
Just asking, cause it surprises me that it would get verified despite the error message.
Is there any more detail in the logs? (Auth0 > Dashboard > Logs)
they can proceed to the site without problem
Yes, a verified email address isn’t by default required to authenticate. You can have accounts that never verify their email address. It’s up to you to decide whether you want to allow this or not (i.e. block it via Rule).