Hi @Erwin Corvera , there is no direct way to detect whether a user has logged in using a VPN unfortunately.
You might be able to indirectly determine whether a user has logged in using a VPN by looking at the user's IP address. If the user is logging in from an IP address that is associated with a VPN service, then it is likely that the user is using a VPN to connect to your application or service.
You can look at the ipaddr
claim in the user's ID token or access token. The ipaddr
claim contains the IP address of the client that requested the token.Keep in mind that the ipaddr
claim is not always reliable and can be spoofed or manipulated by attackers.
If you're concerned about security risks I would look into MFA for your users.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James