Authentication performance testing

We are planning on running performance benchmarking against our integration with the Auth0 authentication API. If we use only a few accounts for authentication, these quickly get blocked with status code 429 for too many login attempts. Has anybody had any experience with this?

One thing to have in mind that may even be more important than the current 429 you’re receiving is that performance/load testing against an Auth0 tenant is only available to certain subscriptions and even for those it needs to be pre-approved (Load Testing Policy).

If you are eligible to perform them, the best course of action for technical queries related to the execution of such a test would be to make them in the same support ticket requesting the test approval.

If you are not eligible to perform a load test, then receiving a 429 response is not the worst that can happen, because technically you’re performing something you should not and as such may have the tenant itself blocked.


Hi rsanchez, I would add that there are many alternatives, which are usually better, to a full-on load test. If you determine what you want to test, a mock service may be preferable, testing components in isolation may be preferable, etc.



If the user or a test is logging on and off for a valid user with valid credentials, the tenant could be blocked? Wouldn’t just the user be blocked?

In relation to a global block I was referring to the fact that if you’re performing something that you’re not allowed to do (an unauthorized load test would be an example) this could be detected and manual actions could be taken like the possibility to block the tenant. This is an extreme scenario, but possible.