Programmatically lock and unlock user accounts

Unlocking a user programmatically

You can programmatically unlock a user using the UnlockUser Backend API operation.

Use cases

"Unlock button"

Your custom sign-in page could expose a button or link that allows the user to request an unlock token when they are locked out of their account.

  • Your app should be able to generate a random unlock token and associate it with the user.
  • The unlock token can be sent to the user via email or SMS.
  • After successful entry of the unlock token, your app's backend can issue an unlock request to the Clerk Backend API.

Send an unlock request to an admin

If your app supports users submitting admin requests, it could expose a way of requesting an admin unlock.

  • A request for unlock could arrive in your app's admin dashboard.
  • If an admin reviews the request and decides to grant access back to the user, they can request an unlock from your app's backend, which should in turn call the Clerk Backend API.

Lock a user programmatically

You can programmatically lock a user using the LockUser Backend API operation. Keep in mind that Clerk will still lock the user based on failed verification attempts.

Use cases

  • If a user is violating your app's code of conduct.


What did you think of this content?