Can't control access to pages using actions?

rueben.tiow · March 23, 2022, 11:33pm

Thanks for reaching out to the Auth0 Community!

I understand that you are trying to deny access to users who do not have an Admin role.

To do so, you will need to use a Post-Login Action to check if the authentication request comes from your application and that the user has the admin role. See below:

exports.onExecutePostLogin = async (event, api) => {
  if(event.client.name === 'YOUR_CLIENT_NAME' && event.authorization.roles !== 'admin'){
    api.access.deny(Access to ${event.client.name} is not allowed.);
  }
};

You can find your Client Name in your Auth0 Dashboard > Applications > Applications and click on your app. On the settings page, the Name should match the event.client.name.

Once this is complete, you can control and restrict access to your application.

Hoped this helps!

Please let me know if you have any further questions.

Thank you.

Topic		Replies	Views
Can I block user from log in all apps but one? Get Help auth0 , api , management-api , users , login , access-token	3	3102	June 1, 2022
Preventing a user belonging to a group to access an application Get Help user-profile , user-management	4	1059	May 8, 2023
How do I add permissions (not roles) using the actions? Get Help dashboard , admin-management	4	1154	January 15, 2024
Custom Action: user stays logged into Auth0 after api.access.deny Get Help login-experience , new-universal-login-experience	10	173	September 25, 2024
User is logged in even though he doesn't have access to one of the apps in a tenant Get Help sessions , authentication-sessions	2	634	September 6, 2023

Can't control access to pages using actions?

Related topics