Overview
This article describes whether it is possible to prevent a large number of users from authenticating.
Applies To
- Authentication
- Post-Login Action
- Blocked
Solution
While there is no out-of-the-box way to block a set of users in bulk, it is possible to use a post-login action that can deny authentication based on specific criteria from the user profile.
For example, to block all users who have blocked
set to true
in their app_metadata
the following example should be reviewed:
exports.onExecutePostLogin = async (event, api) => {
if (event.user.app_metadata.blocked) {
api.access.deny("Blocked");
}
}