Block all users unless accepted

In my application, I want no user to be able to log in via Auth0 unless I accept their application.

So what I want is pretty much a list that says:
“These are the people that want to have an account on this site”
And then I could accept or deny it.

Is there anything that can do this?

I already have everything protected for unauthenticated users. But the problem is that anyone can create an account and therefore access my website.

Hi @emy,

Thanks for reaching out to the Auth0 Community!

Firstly, there are a couple of ways to approach this.

To start, you could write an Auth0 Action script that allows users to log into your application only if you have accepted their application.

To do so, you could leverage the user_metadata property to set true or false whenever you have accepted their application by calling the Management API’s Update a user endpoint.

Then on login, use a Post-Login Action script to check the value of user_metadata.application to allow or deny access accordingly.

For example:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.user_metadata.application) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
};

Alternatively, you could create a database with sign ups disabled and invite your users to your application. This way, you can skip the complexity of assessing which user you would like to allow or deny access to your application and guarantee the users you invite are only the users allowed to access your application.

I hope the explanation was clear!

Please let me know if you have any questions.

Thanks,
Rueben
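
A variant of the Post-Login Action from the reply above, added here as an example and not part of the original post. It keeps the approval flag in app_metadata, which Auth0 reserves for data that only the application owner can write, whereas user_metadata is meant for attributes users can edit themselves. The field name `approved`, the sample users and the local harness are assumptions for illustration.

```javascript
// Added example: approval gate for an Auth0 Post-Login Action.
// Assumption: the flag is stored as app_metadata.approved (hypothetical name),
// set by an administrator, e.g. via the Management API "Update a user"
// endpoint with the body {"app_metadata": {"approved": true}}.
const APPROVAL_KEY = "approved";

// Fail closed: only the boolean true grants access. A missing field,
// the string "true", or a flag placed in user_metadata does not.
function isApproved(user) {
  const meta = user && user.app_metadata;
  return typeof meta === "object" && meta !== null && meta[APPROVAL_KEY] === true;
}

const onExecutePostLogin = async (event, api) => {
  if (!isApproved(event.user)) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
};

// Auth0 loads the handler from exports; the guard keeps this file runnable elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Local harness (constructed data): records what the Action passes to api.access.deny.
async function simulateLogin(user) {
  const denied = [];
  const api = { access: { deny: (reason) => denied.push(reason) } };
  const event = { user, client: { name: "Example App" } };
  await onExecutePostLogin(event, api);
  return denied;
}

// Constructed sample users covering the cases that must be rejected.
const SAMPLE_USERS = {
  approved: { app_metadata: { approved: true } },
  pending: { app_metadata: {} },
  stringFlag: { app_metadata: { approved: "true" } },
  selfSet: { user_metadata: { approved: true }, app_metadata: {} },
};

// Runs every sample through the Action and maps each name to "allow" or "deny".
async function runSamples() {
  const out = {};
  for (const [name, user] of Object.entries(SAMPLE_USERS)) {
    out[name] = (await simulateLogin(user)).length === 0 ? "allow" : "deny";
  }
  return out;
}
```

New sign-ups have no `approved` field, so they are denied until an administrator sets it.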
