@cibrax if I understand it correctly, that means users would be successfully authenticated in the Auth0, but denied access on the API/application side?
I’ll try that, but I’d really love it I could deny authorization on the Auth0 side already as I consider this particular API less secure.