User is logged in even though he doesn't have access to one of the apps in a tenant

saitulasiram94 · September 3, 2023, 2:40pm

Hi Team,

I have multiple apps in my auth0 tenant. I have restricted user access to these apps using Actions i.e. not every user has got access to all the apps. I am using passwordless login and Next.Js

When a user logs in to an application for which he doesn’t have access, onExecutePostLogin action is executed and it throws an error (access denied) this is as expected. Now, lets say the user logs into the second application for which he has access to, and then navigates back to application 1 (which he doesn’t have access to) he is logged in now

I am testing this setup in localhost. Not sure as its the same domain, user is being logged in. I have tried validating using checkSession too but doesn’t seem to be working.

What am I missing here ? Any inputs?

Thanks in advance.

dan.woda · September 6, 2023, 7:06pm

Hi @saitulasiram94,

Welcome to the Auth0 Community!

Could you please share an example of the Action you are using to deny the login? Also, how are you handling the error in your app?

system · September 27, 2023, 2:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't control access to pages using actions? Help	6	2626	December 22, 2022
Auth0 Universal Login Bypass in Next.js App: Users Auto-Login After Logout Help classic-universal-login-experience , login-experience	0	27	July 26, 2024
"unauthorized (Access denied.)" after login Help auth0 , login , nextjs , blog	4	4862	December 15, 2021
Custom Action: user stays logged into Auth0 after api.access.deny Help login-experience , new-universal-login-experience	10	71	September 25, 2024
Getting "access_denied" error after verifying my email address Help login , access_denied , auth0-spa-js	8	4265	September 1, 2021

User is logged in even though he doesn't have access to one of the apps in a tenant

Related Topics