Auth0 Home Blog Docs

Last_login updated even if a user is blocked (on profile)

blocked-account
last-login

#1

As the title suggests; the last is updated after a user attempted to log in but did not log in successfully.

Is this behaviour expected?
Is there another way to determine a user logging in truly successfully (establish session or hand out auth token)?


#2

Where are you seeing this? Can you give a screenshot?


#3

Hey Jeremy,

I’ve tried both on SaaS as well as our appliance:

  1. Block a user
  2. Try to log in with the correct password
  3. Get a response telling the user he is blocked
  4. Notice how the "last_login" field is update on the user profile

I understand you might somehow consider “blocked” flags as “authorization” logic (not authentication) but it’s integral to Auth0 so the “last_login” field should not be updated in my opinion if a blocked user tries to log in.


#4

Do let me know if you still need more information.