diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index d40af7ac..e5764444 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -303,6 +303,11 @@ public function emitOTP()
                 throw new ValidationException("empty username.");
             }
 
+            $user = $this->auth_service->getUserByUsername($username);
+
+            if (!$user->isActive())
+                throw new ValidationException("User is not active.");
+
             $client = null;
 
             // check if we have a former oauth2 request