alorenzo175
commented
5 years ago Auth0 also has the ability to prevent logins. Could rely on that, but there would be a delay from when the lock is applied and when the user's token expires. Otherwise we should probably still use the Auth0 lock and add a column to the users table that is checked before any can_user_perform_action
and make rbac functions take this into account before allowing access