I’m trying to prevent some users from accessing a specific application.
I’ve created a group, is_not_application_user, and attached the users that should not be accessing the application.
I have added a custom action:
    exports.onExecutePostLogin = async (event, api) => {
      if ((event.client.name === "Application") && !userRoles.includes("is_not_application_user"))
        api.access.deny(`Access to ${event.client.name} is not allowed.`);
    };
This action is inserted in login flow after the legacy rules.
If I test this with the application, I can never connect (?sso_failed=1). I can connect to the other application.
It should be a very basic thing, but I’m not good enough at programming.
It looks like you are putting a not operator (!) in front of your condition when you should simply be checking for the condition itself. (i.e. userRoles.includes vs. !userRoles.includes).
Additionally, the variable you are using, userRoles, does not exist. If you want to look at the user’s roles, you should be using the variable event.authorization.roles.
Finally, you are missing curly brackets {} for your conditional.
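Putting the three points of the answer together, here is a corrected Post Login Action. This is an added example, not code from the original question or answer and not Auth0's own sample: the client name "Application" and the role name "is_not_application_user" come from the question, while the helper names (shouldDeny, simulateLogin, makeFakeApi) and the fake api object used to exercise the logic locally are assumptions made for illustration.

```javascript
// Corrected Post Login Action (added example, not from the original post).
// Denies login to the client named "Application" when the user holds the
// role "is_not_application_user". Names taken from the question; the
// helpers below are assumptions for local testing only.

const BLOCKED_CLIENT_NAME = "Application";
const BLOCKING_ROLE = "is_not_application_user";

// Decision is kept in a plain function so it can be unit-tested without
// the Actions runtime.
function shouldDeny(event) {
  // event.authorization (and .roles) can be absent in some flows; treat
  // "no roles" as "not blocked" rather than throwing on undefined.
  const roles = (event.authorization && event.authorization.roles) || [];
  // Note: no "!" here. We deny exactly when the blocking role IS present.
  return event.client.name === BLOCKED_CLIENT_NAME && roles.includes(BLOCKING_ROLE);
}

// Braces around the conditional body, and event.authorization.roles instead
// of the undefined userRoles variable from the question.
const onExecutePostLogin = async (event, api) => {
  if (shouldDeny(event)) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
};

// Auth0 loads the Action through this export (guarded so the file also
// runs as a plain script/module).
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// --- Local test scaffolding (assumed stand-ins, not the Auth0 runtime) ---

// Minimal fake of the `api` object: records every deny() reason.
function makeFakeApi() {
  const calls = [];
  return { calls, access: { deny(reason) { calls.push(reason); } } };
}

// Runs the Action against a constructed event and returns the list of
// deny() reasons that were recorded (empty array = login allowed).
async function simulateLogin(clientName, roles) {
  const event = {
    client: { name: clientName },
    authorization: roles === undefined ? undefined : { roles },
  };
  const api = makeFakeApi();
  await onExecutePostLogin(event, api);
  return api.calls;
}
```

Matching on event.client.name is fragile (renaming the application in the dashboard silently disables the check); event.client.client_id is the stable identifier and is the better key in a real deployment. The constructed scenarios below cover the three cases that matter: blocked user on the target application (denied), same user on another application (allowed), and a user with no roles at all (allowed, no exception).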