diff --git a/components/server/src/auth/generic-auth-provider.ts b/components/server/src/auth/generic-auth-provider.ts
index 511e4cbcf04f71..1b55bf33b7332c 100644
--- a/components/server/src/auth/generic-auth-provider.ts
+++ b/components/server/src/auth/generic-auth-provider.ts
@@ -356,11 +356,11 @@ export class GenericAuthProvider implements AuthProvider {
                 message = 'OAuth Error. Please try again.'; // this is a 5xx response from authorization service
             }
 
-            if (!UnconfirmedUserException.is(err)) {
-                // user did not accept ToS. Don't count this towards the error burn rate.
-                increaseLoginCounter("failed", this.host);
+            if (UnconfirmedUserException.is(err)) {
+                return this.sendCompletionRedirectWithError(response, { error: err.message });
             }
 
+            increaseLoginCounter("failed", this.host);
             log.error(context, `(${strategyName}) Redirect to /sorry from verify callback`, err, { ...defaultLogPayload, err });
             response.redirect(this.getSorryUrl(message));
             return;