Last_login updated even if a user fails to login "Type Failed Login" due to Auth0 rule failure

Chris.Ward · April 15, 2020, 4:20pm

Hi all and thank you for your time in advance!

So I’ve seen a situation come up where an Auth0 user attempts to sign in , and they fail to due to an Auth0 rule.

Rule Snippet →

    if (user.app_metadata.deactivated === true) {
        return callback(new UnauthorizedError("User has been deactivated and is unable to login."));

The Auth0 History for the user shows

Type: Failed Login
Description: User has been deactivated and is unable to login.

however the “last_login” date for the user is updated to this date, and i would expect that not to happen.

Is this a known bug? i saw a closed ticket about this with no public resolution Last_login updated even if a user is blocked (on profile)

that feels very similar.

Thank you for your time,

Chris Ward

dan.woda · April 15, 2020, 8:01pm

Hi @Chris.Ward,

This is likely because rules are run after successful authentication. If this is something you would like to give the product team feedback on, that can be done here.

Thank you!
Dan

system · April 30, 2020, 8:01pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Last_login updated even if a user is blocked (on profile) Help blocked-account , last-login	10	4878	March 30, 2023
Why are the users I blocked , they still login? Help user-profile , user-management	2	1196	December 15, 2022
Failed Silent Auth - Login required Help jwt , auth0 , login	5	7450	July 16, 2019
Question about handling failed logins from blocked users Help	4	3284	October 26, 2022
Last_login field updated for blocked accounts Help bug	4	2914	June 10, 2020

Last_login updated even if a user fails to login "Type Failed Login" due to Auth0 rule failure

Related Topics