User is logged in even though he doesn't have access to one of the apps in a tenant

Hi Team,

I have multiple apps in my Auth0 tenant. I have restricted user access to these apps using Actions, i.e. not every user has got access to all the apps. I am using passwordless login and Next.js.

When a user logs in to an application for which he doesn't have access, the onExecutePostLogin action is executed and it throws an error (access denied); this is as expected. Now, let's say the user logs into the second application, which he has access to, and then navigates back to application 1 (which he doesn't have access to): he is logged in now :(

I am testing this setup in localhost. Not sure, as it's the same domain, user is being logged in. I have tried validating using checkSession too, but it doesn't seem to be working.

What am I missing here? Any inputs?

Thanks in advance.

Hi @saitulasiram94,

Welcome to the Auth0 Community!

Could you please share an example of the Action you are using to deny the login? Also, how are you handling the error in your app?
