Auth0 Home Blog Docs

Getting "blocked" variable into CustomDB

custom-database
blocked-account

#1

Is there any way to get the “blocked” variable into my CustomDB so i can block the users access regardless of the expire date? This will introduce server-side statefulness, which i am aware of.


#2

What block are you referring to, e.g. Brute Force Protection (single user, or multiple user), or a general user block?
Please describe the use case for this.


#3

i would assume so, there is only one variable called “blocked”, which also can be triggered manually, and most likely also used by brute force protection.


#4

The blocked attribute in the user profile is associated with a manual block and to my knowledge has no associated expiration time; it’s blocked until manually unblocked so I’m likely missing something in relation to your requirement of blocking regardless expiration time as there’s no expiration time that I’m aware. This is also something available to all connections types and not specific to custom databases so even if the user authenticates successfully against the IdP, in this case your custom database, the authentication transaction would still fail if the user is blocked.

As mentioned before, please expand on the use case for needing that value available in the custom database script. Also have in mind that you can query that value through a Management API call, however, doing so at each login is not recommended as rate limits for Management API calls may end-up affecting the number of authentication transactions you would be able to complete.


#5

I understand. I would like to use this attribute to block the user from consuming endpoints on the database even before the token has expired. As the database auth0 is using is the one shared with our API, so it will be quite accessible already for queries.


#6

So technically i just need to change the custom script?


#7