Hi.
I’ve run into strange behaviour of Auth0…
User signed-up with Social connection(facebook). Facebook account is registered for
‘email@nowhere.com’ email.
Auth0 created account for user
user_id facebook|164.....
identities
{
"provider": "facebook",
"user_id": "164....",
"connection": "facebook",
"isSocial": true
}
]
Looks OK so far.
Then user tired to sign-in using email/password connection, and used the same email address which is used by Facebook(email@nowhere.com).
After 10 failed login attempts Auth0 started returning “Your account has been blocked after multiple consecutive login attempts.” error and added the following to user’s account:
blocked_for
{
"identifier": "email@nowhere.com",
"connection": "Username-Password-Authentication",
"ip": "xx.xx.xx.xx"
}
]
No “Blocked Account Email” has been sent.
Then user tired to sign-in with facebook - logged in fine.
So, why Auth0 marks account as “blocked” if it’s not actually blocked,
and looks like that account cannot be blocked cause uses only social connection(no email/password connection)?
Thanks.