We’re workin on implementing a domain whitelist similar to this template: auth0/opensource-marketplace/blob/main/templates/simple-domain-allowlist-POST_LOGIN/code.js /** * Handler that will be called during the execution of a PostLogin flow. * * --- AUTH0 ACTIONS TEMPLATE https:/…

Ahh, I needed to pass the client_id parameter so it knows which app to use for a logout whitelist. The following solution is working now: api.redirect.sendUserTo(`https://${event.tenant.id}.us.auth0.com/v2/logout`, { query: { client_id: event.client.client_id, returnTo: `${event…

Custom Action: user stays logged into Auth0 after api.access.deny

Help

tyf September 5, 2024, 11:12pm 3

Hey there @mcantrell !

As api.access.deny does not end any existing session, you’ll also want to log users out in order to avoid the loop you’re experiencing. Please see the following post: