Thank you for posting @misley !
I’m happy to assist you in discovering the solution you’re looking for.
If we are looking for an answer to how to end a user session on the Auth0 (IdP) layer, this session is invalidated once a user is blocked.
To invalidate a local application session (the UI you are mentioning), there is a way for that as well (that shouldn’t cause you troubles with rate limiting if we follow the recommended 15-minutes interval between calls) - please take a look at this doc, especially the part:
If needed to log users out of the application’s local session when blocking them, it is necessary to periodically poll the
/authorize
endpoint using the “prompt=none” parameter (AKA silent authentication) to check if the user still has a valid session on the Auth0 side.
- Check out Poll with checkSession() .
Please let us know your thoughts and follow-up questions!