Last_login updated even if a user fails to login "Type Failed Login" due to Auth0 rule failure

Hi all and thank you for your time in advance!

So I’ve seen a situation come up where an Auth0 user attempts to sign in , and they fail to due to an Auth0 rule.

Rule Snippet ->

    if (user.app_metadata.deactivated === true) {
        return callback(new UnauthorizedError("User has been deactivated and is unable to login."));

The Auth0 History for the user shows

Type: Failed Login
Description: User has been deactivated and is unable to login.

however the “last_login” date for the user is updated to this date, and i would expect that not to happen.

Is this a known bug? i saw a closed ticket about this with no public resolution Last_login updated even if a user is blocked (on profile)

that feels very similar.

Thank you for your time,

Chris Ward

Hi @Chris.Ward,

This is likely because rules are run after successful authentication. If this is something you would like to give the product team feedback on, that can be done here.

Thank you!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.