@dan.woda Indeed there is another mystery I’m am trying to solve. I am now using Auth0 Universal Lock after heavily customizing it to fit my needs. Because I do not want users to create an account and have access to the services I want to block them from signing in.
So there are two possibilities now:
1. Every time I create a new user I add in user.metadata e.g. "allowed":false;. When a user tries to sign in a rule/hook gets executed that checks if the user is allowed to use the service. Then the user can continue or gets an error message. This is a little workaround because 2. is not quite working.
2. Every new created user is blocked from the start. However it is not so easy to implement this behavior. There is already a thread about this: Block users on bulk creation?
@dan.woda I would be totally fine with using possibility 1. How can I accomplish that within the rule.