User is logged in even though he doesn't have access to one of the apps in a tenant

saitulasiram94 · September 3, 2023, 2:40pm

Hi Team,

I have multiple apps in my auth0 tenant. I have restricted user access to these apps using Actions i.e. not every user has got access to all the apps. I am using passwordless login and Next.Js

When a user logs in to an application for which he doesn’t have access, onExecutePostLogin action is executed and it throws an error (access denied) this is as expected. Now, lets say the user logs into the second application for which he has access to, and then navigates back to application 1 (which he doesn’t have access to) he is logged in now

I am testing this setup in localhost. Not sure as its the same domain, user is being logged in. I have tried validating using checkSession too but doesn’t seem to be working.

What am I missing here ? Any inputs?

Thanks in advance.

dan.woda · September 6, 2023, 7:06pm

Hi @saitulasiram94,

Welcome to the Auth0 Community!

Could you please share an example of the Action you are using to deny the login? Also, how are you handling the error in your app?

system · September 27, 2023, 2:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auth0 not clearing the session after 400 series error occurs Help login-experience , new-universal-login-experience	0	670	July 24, 2023
Can't control access to pages using actions? Help	6	2626	December 22, 2022
Denying login to a user already logged in elsewhere? Help login-experience , login-prompt-new-experience	1	1173	March 31, 2023
Preventing a user belonging to a group to access an application Help user-profile , user-management	4	964	May 8, 2023
Database user can only log in once Help login	4	2985	June 29, 2019

User is logged in even though he doesn't have access to one of the apps in a tenant

Related topics