Hi @alvarosanchez, I would like to have the plugin pay attention to the user properties accountLocked and accountEnabled - i.e. rejecting any calls to /api if the account is locked or not enabled, if that /api is fully authenticated and even if a valid token is passed. It doesn’t look like the plugin pays any attention to these attributes. Is there a legitimate way I can override the plugin and enable this behavior, or is this a feature that could be added? Thanks.