I know that I can “Block” individual users either through the Management API (call “Update a User” endpoint with “blocked” property set to “true”) or via the Auth0 Dashboard.
My question is, can I bulk-block a bunch of users via the Management API, specified with their email addresses or Auth0 ID?
Or in general, perform any bulk operations on a group of users (including deleting) via the Management API?
If not, is there any workaround to achieve this? The main objective is to not call the API 30 times, but only once.
I understand that you’d like to bulk block users on your application.
Unfortunately, there isn’t an equivalent endpoint that could bulk block your users.
If you would like to block your users, you will need to use the Auth0 Management API Update a user endpoint to programmatically update those individuals to a blocked state.
As an alternative, you could consider using something like Auth0 Actions. If there is a specific condition which you know these users should be blocked, for example, a certain domain, IP address, or a list of email addresses, then you could have a Post-Login script waiting to block these users and deny them access.
Using a Post-login script, what would happen if the user is already logged in? That is, the …/authorize endpoint redirects back to the application directly instead of the …/login endpoint. Would the script still run?
The Post-Login script will always trigger after a successful login flow. So in the case where a user hits the /authorize endpoint with an active session, then the user will not need to re-authenticate, and the Post-Login script will execute.
I hope this answers your question.
Please let me know if there’s anything else I can do to help.