Preventing a user belonging to a group to access an application

Hello,

I’m trying to prevent some users to access a specific application.

I’ve created a group is_not_application_user and attached the users that should not be accessing the application.

I have added a custom action:

exports.onExecutePostLogin = async (event, api) => {
  if ((event.client.name === "Application") && !userRoles.includes("is_not_application_user"))
  api.access.deny(`Access to ${event.client.name} is not allowed.`);
 };

This action is inserted in login flow after the legacy rules.

If I test this with the application, I can never connect ( ?sso_failed=1). I can connect to the other application.

It should be a very basic thing but I m not good enough in programming

Thank you in advance for your help.
JC

Hi @liechtjc,

Welcome to the Auth0 Community!

It looks like you are putting a not operator (!) in front of your condition when you should simply be checking for the condition itself. (i.e. userRoles.includes vs. !userRoles.includes).

Additionally, the variable you are using userRoles, does not exist. If you want to look at the user’s roles, you should be using the variable event.authorization.roles.

Finally, you are missing curly brackets {} for your conditional.

Hope this helps!

Dear Dan,

Thank you very much for your help. This solved my problem. I’m sorry that I bother you with such trivial questions

No problem! I’m happy to help.