I can confirm this. The only scenario i can think of for this to happen is if someone double clicks the button as they would with an app. It is purely cosmetic though and serves on problem so according to the docs I am changing the priority level

Hello there, I am happy to fix this problem, however I was wondering about the preferred method.

I see that there could be a few ways to fix this.
1- Do not add duplicate messages to the message queue.
2- Do not allow the user to click the button twice.
3- Clear the credentials on a failed authorization attempt.

Thanks for your help!

So, ignore the part about the message queue, I will use a boolean variable to see if it has been displayed already and ignore the warning if it has. I hope this is acceptable, I tried to keep it minimal.

I have added 3 lines, with the idea that if an authorisation is the same as the previous authorisation ignore the duplicate message and continue. This should work for multiple clicks, and I do not think it will affect any other operations.

The bold is the changes to /joomla-cms/libraries/cms/applications/cms.php
I did not include these in the deprecated /joomla-cms/libraries/legacy/application/application.php

$authorisations = $authenticate->authorise($response, $options);
$previousauth = NULL;

foreach ($authorisations as $authorisation)
{
$denied_states = array(JAuthentication::STATUS_EXPIRED, JAuthentication::STATUS_DENIED);
if (in_array($authorisation->status, $denied_states))
{
// Trigger onUserAuthorisationFailure Event.
$this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation));

    // If silent is set, just return false.
    if (isset($options['silent']) && $options['silent'])
    {
        return false;
    }

    //if the user has duplicated request for login ignore the duplicate attempt's message.
    **if($previousauth != $authorisation)**
    {   
           // Return the error.
        switch ($authorisation->status)
        {
            case JAuthentication::STATUS_EXPIRED:
                return JError::raiseWarning('102002', JText::_('JLIB_LOGIN_EXPIRED'));

                break;

            case JAuthentication::STATUS_DENIED:
                return JError::raiseWarning('102003', JText::_('JLIB_LOGIN_DENIED'));

                break;

            default:
                return JError::raiseWarning('102004', JText::_('JLIB_LOGIN_AUTHORISATION'));

                break;
        }   
        **$previousauth = $authorisation;**
    }
}<hr /><sub>This comment was created with the <a href="https://github.com/joomla/jissues">J!Tracker Application</a> at <a href="http://issues.joomla.org/tracker/joomla-cms/5709">issues.joomla.org/joomla-cms/5709</a>.</sub>

Closing as we have a PR by @twhitloc here: #6832 Thanks