Hi! We have a user who has an email address which, despite looking overwhelmingly like a fake email address, is actually correct and valid. We automatically create accounts for all of our users, so I can confirm that their account does exist. However, they are unable to log in because their email domain is blacklisted automatically by Auth0, and they cannot receive the email to set their password.
We do not want this email domain to be blacklisted. How do we remove it from the blacklist?
Hello @drt.dev.team,
Thank you for reaching out to us!
Apologies for the late reply. I believe the only way of overcoming this would be to implement a Post-Login Action that targets the event.user.email property. You can create an Action that whitelists Email Domains and allows access to the specified domains.
This can look something like this:
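```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Domain part of the user's email, lower-cased; empty if the profile has no email
  const email = event.user.email || "";
  const domain = email.slice(email.lastIndexOf("@") + 1).toLowerCase();
  // Email domains that are allowed to log in
  const whitelist = ["gmail.com", "example.com"];
  if (!whitelist.includes(domain)) {
    api.access.deny('invalid_request, Access denied.');
  }
};
```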
This would in essence deny access to anyone that is not under the specified Email Domains. You would need to add the Email Domains of all the users that require access to your tenant, but it should work as intended.
Thank you!
Gerald
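The domain check from the reply above, as an added example that is not part of the original thread or Auth0's own code: it separates the decision into a testable function, matches the domain exactly, and optionally requires a verified address. `ALLOWED_DOMAINS`, `denyReason`, the `requireVerified` option and the sample users are assumptions made for illustration.

```javascript
// Added example: domain allowlist for an Auth0 Post-Login Action.
// ALLOWED_DOMAINS and the helper names are illustrative assumptions.
const ALLOWED_DOMAINS = new Set(["gmail.com", "example.com"]);

// Returns null when the user may log in, otherwise a short reason string.
function denyReason(user, { allowed = ALLOWED_DOMAINS, requireVerified = true } = {}) {
  const email = typeof user.email === "string" ? user.email.trim() : "";
  const at = email.lastIndexOf("@");
  // Need a non-empty local part and a non-empty domain.
  if (at < 1 || at === email.length - 1) return "missing_or_malformed_email";
  // Domains are case-insensitive; a trailing dot names the same DNS domain.
  const domain = email.slice(at + 1).toLowerCase().replace(/\.$/, "");
  // Exact match only: endsWith()/includes() on the string would also accept
  // "notexample.com" or "example.com.lookalike.test".
  if (!allowed.has(domain)) return "email_domain_not_allowed";
  // Assumption: an unverified address should not satisfy the allowlist.
  // Pass requireVerified: false if accounts are provisioned without verification.
  if (requireVerified && user.email_verified !== true) return "email_not_verified";
  return null;
}

const onExecutePostLogin = async (event, api) => {
  const reason = denyReason(event.user);
  if (reason) api.access.deny(reason);
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample users, not real accounts.
const samples = [
  { email: "Alice@Example.COM", email_verified: true },
  { email: "bob@notexample.com", email_verified: true },
  { email: "eve@example.com.lookalike.test", email_verified: true },
  { email: "carol@example.com", email_verified: false },
  { email_verified: true },
];
for (const u of samples) console.log(u.email, "->", denyReason(u) ?? "allow");
```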