Hello.
I’m trying to develop a logging system using the API.
First of all, we have configured the “Brute-force Protection > Maximum Attempts” to 5.
We would like to show the attempts remaining when the user introduces a wrong password. To calculate this, we use the endpoint ‘/api/v2/users/{id}/logs’ to count the loggin fails.
To know if the user is blocked, we use the endpoint ‘/api/v2/user-blocks/{id}’ with the parameter: consider_brute_force_enablement=true.
The point is that an user fails 5 times, the user doesn’t receive the email. Then, the next time, even if the user introduces the correct password, the user will receive the email with the blocked information.
Many thanks for any help in advance
Hi @flavio.cuellar ,
Sorry for the delay in the response and welcome to the Auth0 Community!
What you observed is the expected behavior. After 5 consecutive failed login attempts, further attempts will block the account, that’s why you received the email notification on the 6th attempt.
Hope this helps!
Hi @lihua.zhang
I was expecting the email at the moment when the account is blocked, at the 5th attempt.
Thanks for your answer.
Hi @flavio.cuellar ,
I understand your concern. Please feel free to communicate your use case with our Product team directly via the feedback page. Thanks!
1 Like