Settings for access to the Temporal UI by email with SSO

Hello!
My task is to ensure that temporal-ui is accessible only to one user with the email landroverstudio@gmail.com.
I tried the following configuration in docker-compose.yml:

  temporal-ui:
    image: temporalio/ui:2.20.0
    container_name: "moysklad-py-v1_temporal-ui"
    restart: unless-stopped
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=http://localhost:8088
      - TEMPORAL_AUTH_ENABLED=true
      - TEMPORAL_UI_AUTH_REQUIRED=true
      - TEMPORAL_AUTH_PROVIDER_URL=https://accounts.google.com
      - TEMPORAL_AUTH_ISSUER_URL=https://accounts.google.com
      - TEMPORAL_AUTH_CLIENT_ID=${TEMPORAL_AUTH_CLIENT_ID}
      - TEMPORAL_AUTH_CLIENT_SECRET=${TEMPORAL_AUTH_CLIENT_SECRET}
      - TEMPORAL_AUTH_CALLBACK_URL=http://localhost:8088/auth/sso/callback
      - TEMPORAL_AUTH_SCOPES=openid profile email
      - TEMPORAL_UI_AUTH_ALLOWED_EMAILS=landroverstudio@gmail.com
    ports:
      - "8088:8080"
    depends_on:
      - temporal
    networks:
      - app

With this configuration, when trying to log in with a different user, it indeed returns to the login page with an “unauthorized” error.

But! If after a failed login I navigate to the workflow page (http://localhost:8088/namespaces/default/workflows) - it allows access there. The expected behavior is to return to the login page with an “unauthorized” error.

I tried changing the version to temporalio/ui:2.36.0, but in that case, it doesn’t even return to the page with “unauthorized” during login, but simply allows any authenticated user inside.
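
The behaviour the post expects, as an added example that is not part of the original post and is not Temporal UI code: the email allowlist is evaluated on every request, not only at the login callback. The issuer, allowed email and callback path come from the compose file above; `CLIENT_ID`, `LOGIN_PATH` and the function names are assumptions, and the claims are assumed to come from an ID token whose signature was already validated.

```python
from urllib.parse import urlsplit

# Values taken from the compose file in the post.
ISSUERS = {"https://accounts.google.com", "accounts.google.com"}  # Google emits either form
ALLOWED_EMAILS = {"landroverstudio@gmail.com"}
CALLBACK_PATH = "/auth/sso/callback"
# Assumptions for this example: placeholder client id and login route.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
LOGIN_PATH = "/login"
PUBLIC_PATHS = {LOGIN_PATH, CALLBACK_PATH}


def claims_allowed(claims):
    """True only for a verified, allowlisted email from the expected issuer and client."""
    if not isinstance(claims, dict):
        return False
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # OIDC allows string or list
    email = claims.get("email")
    return (
        claims.get("iss") in ISSUERS
        and CLIENT_ID in audiences
        and claims.get("email_verified") is True
        and isinstance(email, str)
        and email.lower() in ALLOWED_EMAILS
    )


def authorize(url, session_claims):
    """Decide one request: ("allow", None) or ("redirect", location). Deny by default."""
    path = urlsplit(url).path
    if path in PUBLIC_PATHS:
        return ("allow", None)
    if session_claims is None:
        return ("redirect", LOGIN_PATH)
    if not claims_allowed(session_claims):
        # A session left over from a rejected login must not open any page.
        return ("redirect", LOGIN_PATH + "?error=unauthorized")
    return ("allow", None)


def sample_claims(email, **overrides):
    """Constructed sample claims, shaped like a validated Google ID token payload."""
    base = {"iss": "https://accounts.google.com", "aud": CLIENT_ID,
            "email": email, "email_verified": True}
    base.update(overrides)
    return base
```
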