We are using Auth0 for authentication and assigning permissions to access separate documentation. The failed login messages being returned when a user does not have permissions is misleading and confusing. It appears that all failure status is being displayed as a generic message to the user. The message is also unfavorable to whitelisting. The suggestion is to pass through the actual message description from Auth0.
Stoplight Auth0 generic message: Invalid Auth0 Credentials
Auth0 message description: You do not have the required role to access Developer Center.