I’m using app_metadata to store users’ permissions within my app. What I’d like to do is force the login (using universal login) to fail if the user lacks a particular property within that meta data.
If this isn’t possible, I can just show an error screen after they login, but preferable would be that login fails.
Is this possible at all? Many thanks!
Hi @kkrp1,
Thanks for reaching out to the Auth0 Community!
Yes, it should be possible to deny a user access based on a property in their app_metadata.
Here is an example you can use and adapt to your scenario:
/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
if (event.user.app_metadata.color !== 'blue') {
api.access.deny(`Access to ${event.client.name} is not allowed.`);
}
};
Please let me know if there’s anything else I can do to help.
Cheers,
Rueben
Thanks Rueben! That looks perfect.
Additionally, you replied to another post of mine, whos existence I promptly forgot about, and by the time I remembered the post had auto-closed so I couldn’t reply to say thanks. Apologies!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.