Feature: Allow actions to be run post Authentication but before Auto-Membership runs.
Description: During the login flow, want to have an action that can run, similar to post-login, but before the user is automatically added to an organization. There’s currently no way to trigger a denial of the user that doesn’t still leave them a member of the organization.
Use-case: We want to be able have to have someone use a social auth to login to an organization, however we want to be able to reject the login if their email isn’t from a given email domain. Right now this can be accomplished in a post-login action, however the user still ends up in the userlist. This feels incorrect as it means someone can pollute the organization’s user member list even though they never managed to make it through the full login flow.
There should be an action that is able to run before membership is granted.