How to prevent logging in until admin approval?

Hey guys,

I’m quite new at Auth0 developing but I guess what I’m trying to do is not impossible using rules. I’d like only approved users to be able to log in to my app.
For example, someone signs up, an email is sent to me asking if I approve or not their account and they cannot log in until I’ve approved it. Like an email verification thing but the email would be sent to me instead of the user.

Could you walk me through this?

This is possible through a pre-user registration hook and a rule. Here’s an example of how you’d implement it:

You would first create a pre-user registration hook that sets a flag in the user’s app_metadata. You’ll use this flag to determine whether they have been approved.

From within this hook you call your own web service that will send the email to your administrator(s) for approval. This email would then include a link that when clicked your site’s backend would perform a management API call to set the flag you defined earlier in the newly registered user’s app_metadata.

You would then have a rule that checks this flag is true, and if not, would deny the user access. Here’s an example:

  if (user.app_metadata && user.app_metadata.approved) {
    return callback(new UnauthorizedError('Your registration must be approved by an administrator.'));

  callback(null, user, context);

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.