Marks the given User as locked, which means they are not allowed to sign in again until the lock expires.

By default, lockout duration is 1 hour, but it can be configured in the application's Attack Protection settings. For more details, see the dedicated guide for customizing Attack Protection settings.

function lockUser: (userId: string) => Promise<User>;
  • Name

    The ID of the user to lockout.

const userId = 'user_2V7JJKmoA9HqzHhfMqK5cpgLl56';

const response = await clerkClient.users.lockUser(userId);

_User {
  id: 'user_2V7JJKmoA9HqzHhfMqK5cpgLl56',
  passwordEnabled: false,
  totpEnabled: false,
  backupCodeEnabled: false,
  twoFactorEnabled: false,
  banned: false,
  createdAt: 1694181111181,
  updatedAt: 1708102548373,
  imageUrl: '',
  hasImage: true,
  primaryEmailAddressId: 'idn_2V7JJ2R3O7KWHjCmUuEOJESHlPz',
  primaryPhoneNumberId: null,
  primaryWeb3WalletId: null,
  lastSignInAt: 1708101739595,
  externalId: null,
  username: null,
  firstName: 'Alexis',
  lastName: 'Aguilar',
  publicMetadata: {},
  privateMetadata: {},
  unsafeMetadata: {},
  emailAddresses: [
    _EmailAddress {
      id: 'idn_2V7JJ2R3O7KWHjCmUuEOJESHlPz',
      emailAddress: '',
      verification: [_Verification],
      linkedTo: [Array]
  phoneNumbers: [],
  web3Wallets: [],
  externalAccounts: [
    _ExternalAccount {
      id: 'idn_2V7JJ4xpXyj0mazg3lsLYOUit9t',
      provider: undefined,
      identificationId: undefined,
      externalId: undefined,
      approvedScopes: 'email openid profile',
      emailAddress: '',
      firstName: undefined,
      lastName: undefined,
      imageUrl: undefined,
      username: null,
      publicMetadata: {},
      label: null,
      verification: [_Verification]
  lastActiveAt: 1708041600000,
  createOrganizationEnabled: true

Backend API (BAPI) endpoint

This method in the SDK is a wrapper around the BAPI endpoint POST/users/{user_id}/lock. See the BAPI reference for more details.


What did you think of this content?