How to block users, IPs or tokens
JFW allows you to blacklist (block) users, IP addresses, or tokens to prevent unauthorized access. You can implement blacklisting in several ways:
- Block users by email or user ID
- Block IP addresses using IP Blacklisting
- Revoke or blacklist JWT tokens
- Use custom rules to prevent access
1. Blacklisting Users (Block Specific Users)
Auth0 allows you to block a user from logging in via the JFW Dashboard or API.
Method 1: Block a User from the Dashboard
1. Go to Auth0 Dashboard → User Management → Users
2. Search for the user you want to block
3. Click on the user profile
4. Scroll down and click Block User
The user will be blocked and cannot log in.
Method 2: Block a User via API
You can block a user programmatically using the Management API.
Visit
2. IP Blacklisting (Block by IP Address)
Auth0 provides an IP Blocking feature to prevent access from specific IP addresses.
Method 1: Block IPs in Dashboard
1. Go to Auth0 Dashboard → Security → Attack Protection
2. Click Brute-force Protection
3. Under Blocking, add the IP addresses to Blocked IP Addresses
Users from blocked IPs will not be able to log in.
Method 2: Block IPs Using a Rule
You can use Rules to block login attempts from specific IP addresses.
Visit
Example Rule to Block IP Addresses
3. Blacklisting Tokens (Revoke Access Tokens)
Auth0 does not maintain a global token blacklist, but you can implement token blacklisting manually.
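One way to implement the manual token blacklist mentioned above is a denylist keyed by the token's `jti` claim, checked on every request after signature verification. This is an added example, not code from JFW or Auth0; the class and function names, the in-memory `Map`, and the sample claims are assumptions made for illustration.

```javascript
// Added example: in-memory JWT denylist keyed by the `jti` claim (RFC 7519).
// Assumes the caller has already verified the signature and passes decoded claims.
const hasJtiAndExp = (c) => !!c && typeof c.jti === 'string' && Number.isInteger(c.exp);

class TokenDenylist {
  constructor(now = () => Math.floor(Date.now() / 1000)) {
    this.now = now;            // injectable clock, seconds since epoch
    this.revoked = new Map();  // jti -> exp
  }
  // Revoke a token; the entry only has to live until the token's own expiry.
  revoke(claims) {
    if (!hasJtiAndExp(claims)) throw new TypeError('claims need a string jti and integer exp');
    if (claims.exp > this.now()) this.revoked.set(claims.jti, claims.exp);
  }
  // Decide whether a verified token may be used; fails closed on bad claims.
  check(claims) {
    if (!hasJtiAndExp(claims)) return { allowed: false, reason: 'missing_jti_or_exp' };
    if (claims.exp <= this.now()) return { allowed: false, reason: 'expired' };
    if (this.revoked.has(claims.jti)) return { allowed: false, reason: 'revoked' };
    return { allowed: true, reason: 'ok' };
  }
  // Drop entries for tokens that have expired anyway; returns the number removed.
  prune() {
    let removed = 0;
    for (const [jti, exp] of this.revoked) {
      if (exp <= this.now()) { this.revoked.delete(jti); removed += 1; }
    }
    return removed;
  }
}

// Constructed sample claims (not real tokens); the clock is faked for the demo.
function demo() {
  let t = 1000;
  const list = new TokenDenylist(() => t);
  const stolen = { sub: 'user-1', jti: 'a1', exp: 1600 };
  const other = { sub: 'user-1', jti: 'b2', exp: 1600 };
  list.revoke(stolen);
  const out = [list.check(stolen), list.check(other), list.check({ sub: 'user-2', exp: 1600 })]
    .map((r) => r.reason);
  t = 1700; // both tokens are now past exp
  out.push(list.check(other).reason, list.prune(), list.revoked.size);
  return out;
}

console.log(demo());
```

With more than one API instance, the `Map` would be replaced by a shared store with per-key expiry so that every instance sees a revocation.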
Method 1: Use Refresh Token Revocation
1. Go to Dashboard → Integrations
2. Click Advanced Settings → Refresh Token Rotation
3. Enable Refresh Token Expiration
This ensures that old refresh tokens are invalidated.
Method 2: Revoke User Sessions (Force Logout)
If a user's token is compromised, you can log them out immediately.
Visit
4. Preventing Blacklisted Users from Logging In (Custom Rule)
You can create a Rule to prevent certain users from logging in based on metadata.
Users on the blacklist will be blocked from logging in.