Feature: Add blocked_at timestamp field to User Management API
Description: The user object currently includes a blocked boolean field but lacks a corresponding timestamp to track when the blocking action occurred. We request adding a blocked_at field that stores an ISO 8601 timestamp.
Example of current user data:
json
{
"user_id": "auth0|xxx",
"blocked": true,
"created_at": "2025-04-28T09:22:16.579Z",
"updated_at": "2026-01-21T13:44:18.300Z"
// Missing: blocked_at field
}
Expected behavior:
-
blocked_at: ISO 8601 timestamp when user was blocked -
nullwhenblocked: false -
Populated when
blocked: true
Use-case: We’re building MAiDATA, a healthcare data analytics platform serving customers in pharmaceutical and healthcare sectors. We need comprehensive audit trails for compliance with healthcare regulations (GDPR, security standards). The blocked_at timestamp would enable us to:
-
Maintain complete audit logs for security incident investigations
-
Generate compliance reports showing exact timelines of account access changes
-
Track and analyze account blocking patterns for security monitoring
-
Meet regulatory requirements for user access lifecycle documentation
Why existing timestamp fields are insufficient: We cannot use updated_at or last_login as proxies for the blocking timestamp due to the following behavior we’ve observed and confirmed with documentation (Auth.js | Auth0):
-
When a blocked user attempts to login, the login fails (application doesn’t display) but Auth0 still records the attempt in the
last_loginfield -
Any data update, including
last_loginupdates, triggers an update to theupdated_attimestamp -
This means
updated_aton blocked users reflects their last login attempt, not when they were blocked -
Currently, we can only see
created_atand the booleanblockedstatus, but have no way to determine when the blocking action actually occurred