Addition of Delay Functionality for Authentication Responses when IP Throttling is Active

Content

To comply with the security requirements of “JC-STAR,” it is necessary to implement a functionality that can introduce a delay when issuing authentication responses.

Currently, the settings in Auth0 are as follows:

  • Suspicious IP Throttling: Enabled
  • Suspicious IP Thresholds: Default

Under these conditions, there is no functionality in Auth0 to introduce delays in authentication responses. Therefore, I would like to request the addition of the following features:

  1. The ability to configure a delay time when issuing authentication responses.
  2. The ability to control delay time dynamically, especially after failed authentication attempts.
    (For example, allowing a delay time such as XXms to be specified.)

The addition of these features would greatly help in meeting the requirements of JC-STAR compliance. I would greatly appreciate it if you could consider implementing these improvements.


Additional Information

Through previous communication, I have confirmed that no such functionality currently exists in Auth0.
The goal is to achieve stricter control over IP throttling and to meet specific security requirements.

Hi @fujii.takayuki,

Thanks for the feedback request!

If you haven’t already, I recommend upvoting this feedback request!

Let’s hope it attracts as many votes as possible!

Thanks,
Rueben

You're absolutely right - Auth0 currently doesn't offer built-in functionality for introducing delays in authentication responses, even with Suspicious IP Throttling enabled. While this feature would be valuable for meeting JC-STAR compliance, a possible workaround could be implementing a middleware layer in your authentication flow to introduce controlled delays based on failed attempts.
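
A sketch of the middleware workaround suggested in the reply above. This is an added example, not part of the thread and not Auth0 code. It assumes credentials pass through a backend you control before the identity provider is called, and that the key is something like client IP plus username; `FailureDelayTracker`, `delayedAuthenticate`, `verify` and all constants are hypothetical.

```javascript
// Added example: every name and constant here is hypothetical, not an Auth0 API.
const BASE_DELAY_MS = 250;         // delay after the first failure (assumed value)
const MAX_DELAY_MS = 8000;         // cap: held-open requests also cost the server
const WINDOW_MS = 15 * 60 * 1000;  // failures older than this are forgotten
const MAX_KEYS = 10000;            // bound memory when many distinct keys fail

const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

class FailureDelayTracker {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.entries = new Map(); // key -> { failures, lastFailure }
  }

  // Milliseconds to wait before answering the next attempt for this key.
  delayFor(key) {
    const entry = this.entries.get(key);
    if (!entry) return 0;
    if (this.now() - entry.lastFailure > WINDOW_MS) {
      this.entries.delete(key);
      return 0;
    }
    return Math.min(BASE_DELAY_MS * 2 ** (entry.failures - 1), MAX_DELAY_MS);
  }

  recordFailure(key) {
    const entry = this.entries.get(key);
    const live = entry && this.now() - entry.lastFailure <= WINDOW_MS;
    const failures = live ? entry.failures + 1 : 1;
    this.entries.delete(key); // re-insert so the Map stays ordered by last failure
    this.entries.set(key, { failures, lastFailure: this.now() });
    if (this.entries.size > MAX_KEYS) {
      this.entries.delete(this.entries.keys().next().value); // evict the oldest
    }
  }

  recordSuccess(key) {
    this.entries.delete(key);
  }
}

// Delay runs before the check, so a correct guess mid-streak is slowed too.
async function delayedAuthenticate(tracker, key, verify, sleep = defaultSleep) {
  await sleep(tracker.delayFor(key));
  const ok = await verify(); // hypothetical async call that returns true/false
  if (ok) tracker.recordSuccess(key); else tracker.recordFailure(key);
  return ok;
}
```

The in-memory Map only works for a single process; behind a load balancer the counters would need a shared store.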