Docs

lockUser()

Marks the given User as locked, which means they are not allowed to sign in again until the lock expires.

By default, lockout duration is 1 hour, but it can be configured in the application's Attack protection settings. For more information, see the dedicated guide for customizing Attack protection settings.

function lockUser(userId: string): Promise<User>
  • Name
    userId
    Type
    string
    Description

    The ID of the user to lockout.

const userId = 'user_123'

const response = await clerkClient.users.lockUser(userId)

console.log(response)
/*
_User {
  id: 'user_123',
  passwordEnabled: false,
  totpEnabled: false,
  backupCodeEnabled: false,
  twoFactorEnabled: false,
  banned: false,
  locked: true,
  createdAt: 1694181111181,
  updatedAt: 1708102548373,
  imageUrl: 'https://img.clerk.com/eyJ...',
  hasImage: true,
  primaryEmailAddressId: 'idn_123',
  primaryPhoneNumberId: null,
  primaryWeb3WalletId: null,
  lastSignInAt: 1708101739595,
  externalId: null,
  username: null,
  firstName: 'Alexis',
  lastName: 'Aguilar',
  publicMetadata: {},
  privateMetadata: {},
  unsafeMetadata: {},
  emailAddresses: [
    _EmailAddress {
      id: 'idn_123',
      emailAddress: 'alexis@clerk.dev',
      verification: [_Verification],
      linkedTo: [Array]
    }
  ],
  phoneNumbers: [],
  web3Wallets: [],
  externalAccounts: [
    _ExternalAccount {
      id: 'idn_123',
      provider: undefined,
      identificationId: undefined,
      externalId: undefined,
      approvedScopes: 'email https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid profile',
      emailAddress: 'alexis@clerk.dev',
      firstName: undefined,
      lastName: undefined,
      imageUrl: undefined,
      username: null,
      publicMetadata: {},
      label: null,
      verification: [_Verification]
    }
  ],
  lastActiveAt: 1708041600000,
  createOrganizationEnabled: true
}
*/

Backend API (BAPI) endpoint

This method in the SDK is a wrapper around the BAPI endpoint POST/users/{user_id}/lock. See the BAPI reference for more information.

Feedback

What did you think of this content?

Last updated on