In my application, I want no user to be able to log in via Auth0 unless I accept their application.
So what I want is pretty much a list that says:
“this is the people that want to have an account on this site”
And then I could accept or deny it.
Is there anything that can do this?
I already have everything protected from unauthenticated users. But the problem is that anyone can create an account and therefore access my website.
Firstly, there are a couple of ways to approach this.
To start, you could write an Auth0 Action script that allows users to log into your application only if you have accepted their application.
To do so, you could leverage the user_metadata property to set true or false whenever you have accepted their application by calling the Management API’s Update a user endpoint.
Then on login, use a Post-Login Action script to check the value of user_metadata.application to allow or deny access accordingly.
For example:
exports.onExecutePostLogin = async (event, api) => {
  // Deny the login unless the application flag has been set on the user.
  if (!event.user.user_metadata?.application) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
};
Alternatively, you could create a database with sign ups disabled and invite your users to your application. This way, you can skip the complexity of assessing which user you would like to allow or deny access to your application and guarantee the users you invite are only the users allowed to access your application.
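Added example (not code from the answer above or from Auth0): the admin-side "Update a user" request and a stricter login check for the approval flow the answer describes. The helper names, tenant domain and token are hypothetical placeholders; the `field` parameter is an assumption that lets the flag live in `app_metadata`, which users cannot modify themselves, instead of `user_metadata`.

```javascript
const FLAG = "application"; // metadata key used in the answer above

// Admin side: build the Management API "Update a user" request that records
// an accept/deny decision. `field` is "user_metadata" (as in the answer) or
// "app_metadata" (assumption: chosen when the user must not be able to edit it).
function buildApprovalRequest(domain, mgmtToken, userId, approved, field = "user_metadata") {
  if (typeof approved !== "boolean") throw new TypeError("approved must be a boolean");
  return {
    // User ids contain "|" (e.g. "auth0|abc123"), so they must be URL-encoded.
    url: `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    options: {
      method: "PATCH",
      headers: {
        authorization: `Bearer ${mgmtToken}`,
        "content-type": "application/json",
      },
      body: JSON.stringify({ [field]: { [FLAG]: approved } }),
    },
  };
}

// Sends the request with Node 18+ global fetch. Not called in this block,
// so the example runs offline.
async function setApproval(domain, mgmtToken, userId, approved, field) {
  const { url, options } = buildApprovalRequest(domain, mgmtToken, userId, approved, field);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  return res.json();
}

// Login side: approved only when the flag is exactly boolean true, so a
// missing metadata object, a missing key, or the string "false" all deny.
function isApproved(user, field = "user_metadata") {
  const metadata = (user && user[field]) || {};
  return metadata[FLAG] === true;
}

// In the Action editor: exports.onExecutePostLogin = onExecutePostLogin;
async function onExecutePostLogin(event, api) {
  if (!isApproved(event.user)) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
}
```

The strict `=== true` comparison matters because a flag stored as the string "false" is truthy and would pass a plain `!value` check.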