When a user logs in for the first time with any IdP and Auth0 runs the force-users-login-most-secure-method.js rules, does this piece of code execute because the search for auth0 profiles with the same email address comes back empty? Or does that search always produce at least one result, which is the profile of the user that is in the login process right now?
If it's the latter, does that mean that this piece of code never actually executes because at least one search result is always returned?
If so, what do you think about changing this piece of code to deny the user access instead of permitting them? The rationale would be that this is a code path we never expect to execute, and so if it does, something unexpected is happening and we should probably deny access just to be safe.