How to block users, IPs or tokens
JFW allows you to blacklist (block) users, IP addresses, or tokens to prevent unauthorized access. You can implement blacklisting in several ways:
✔ Block users by email or user ID
✔ Block IP addresses using IP Blacklisting
✔ Revoke or blacklist JWT tokens
✔ Use custom rules to prevent access
1. Blacklisting Users (Block Specific Users)
Auth0 allows you to block a user from logging in via the JFW Dashboard or API.
✅ Method 1: Block a User from the Dashboard
1️⃣ Go to Auth0 Dashboard → User Management → Users
2️⃣ Search for the user you want to block
3️⃣ Click on the user profile
4️⃣ Scroll down and click Block User
📌 The user will be blocked and cannot log in.
✅ Method 2: Block a User via API
You can block a user programmatically using the Management API.
Visit
🌍 2. IP Blacklisting (Block by IP Address)
Auth0 provides an IP Blocking feature to prevent access from specific IP addresses.
✅ Method 1: Block IPs in Dashboard
1️⃣ Go to Auth0 Dashboard → Security → Attack Protection
2️⃣ Click Brute-force Protection
3️⃣ Under Blocking, add the IP addresses to Blocked IP Addresses
📌 Users from blocked IPs will not be able to log in.
✅ Method 2: Block IPs Using a Rule
You can use Rules to block login attempts from specific IP addresses.
Visit
👉 Example Rule to Block IP Addresses
🔑 3. Blacklisting Tokens (Revoke Access Tokens)
Auth0 does not maintain a global token blacklist, but you can implement token blacklisting manually.
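One way to implement the manual token blacklist mentioned above, as an added example that is not Auth0's or JFW's own code. It assumes tokens carry `jti` and `exp` claims and that the signature has already been verified; `TokenDenylist` and its methods are hypothetical names, and the in-memory `Map` stands in for a store shared by all API instances.

```javascript
// Added example (not from the original page): denylist of revoked token IDs.
// Assumption: claims come from a JWT whose signature, issuer and audience
// were already verified, and tokens carry `jti` and `exp` claims.
class TokenDenylist {
  constructor() {
    this.revoked = new Map(); // jti -> exp (seconds since epoch)
  }

  static valid(claims) {
    return Boolean(claims) && typeof claims.jti === 'string' &&
      claims.jti.length > 0 && Number.isInteger(claims.exp);
  }

  // Revoke one token. The entry only needs to live until `exp`, because an
  // expired token is rejected regardless of the denylist.
  revoke(claims, now = Math.floor(Date.now() / 1000)) {
    if (!TokenDenylist.valid(claims)) throw new Error('jti and exp are required');
    if (claims.exp > now) this.revoked.set(claims.jti, claims.exp);
  }

  // True when the request must be rejected. Fails closed on malformed claims.
  isBlocked(claims, now = Math.floor(Date.now() / 1000)) {
    if (!TokenDenylist.valid(claims)) return true;
    if (claims.exp <= now) return true;
    return this.revoked.has(claims.jti);
  }

  // Drop entries for tokens that have expired; returns remaining entry count.
  purge(now = Math.floor(Date.now() / 1000)) {
    for (const [jti, exp] of this.revoked) {
      if (exp <= now) this.revoked.delete(jti);
    }
    return this.revoked.size;
  }
}

// Constructed sample claims (not real tokens).
const NOW = 1700000000;
const stolen = { sub: 'user-1', jti: 'tok-a', exp: NOW + 3600 };
const other = { sub: 'user-1', jti: 'tok-b', exp: NOW + 3600 };

const denylist = new TokenDenylist();
denylist.revoke(stolen, NOW);
console.log(denylist.isBlocked(stolen, NOW), denylist.isBlocked(other, NOW));
```

Call `isBlocked` on every API request after signature verification, and run `purge` periodically so the list stays bounded by the token lifetime.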
✅ Method 1: Use Refresh Token Revocation
1️⃣ Go to Dashboard → Integrations
2️⃣ Click Advanced Settings → Refresh Token Rotation
3️⃣ Enable Refresh Token Expiration
📌 This ensures that old refresh tokens are invalidated.
✅ Method 2: Revoke User Sessions (Force Logout)
If a user’s token is compromised, you can log them out immediately.
Visit
🚨 4. Preventing Blacklisted Users from Logging In (Custom Rule)
You can create a Rule to prevent certain users from logging in based on metadata.
📌 Users on the blacklist will be blocked from logging in.