Overview
This article explains why a user blocked by brute force protection may not appear under Auth0 Dashboard > User Management > Users.
Applies To
- Brute Force Blocked User
- Management API
- Blocked Accounts
Solution
Brute force protection is triggered after n failed attempts, regardless of whether the user exists in Auth0 Dashboard > User Management > Users. This prevents enumeration attacks.
Use the Auth0 Management API’s Get blocks by identifier endpoint to retrieve the blocks for the given identifier (in this case, the user’s email is sufficient).
An example GET request:
GET api/v2/user-blocks?identifier=user@email.com
If the block is found, unblock the user with the Management API’s Unblock by identifier endpoint, sending the identifier (username, phone number, or email).
DELETE api/v2/user-blocks?identifier=user@email.com
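The check-then-unblock procedure above as an added Python example (not part of the original article or Auth0's own code). The tenant domain, the environment variable names, and the `blocked_for` response field are assumptions; the token must be a Management API token permitted to read and remove user blocks.

```python
import json
import os
import urllib.parse
import urllib.request


def _call(method, domain, token, identifier, send=urllib.request.urlopen):
    """Send one request to /api/v2/user-blocks for the given identifier."""
    # Encode the identifier: emails and phone numbers can contain '+' and '@',
    # which would otherwise be misread in the query string.
    query = urllib.parse.urlencode({"identifier": identifier})
    req = urllib.request.Request(
        f"https://{domain}/api/v2/user-blocks?{query}",
        method=method,
        headers={"Authorization": f"Bearer {token}"},
    )
    with send(req) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def get_blocks(domain, token, identifier, send=urllib.request.urlopen):
    """Return the list of blocks for an identifier (empty if none)."""
    data = _call("GET", domain, token, identifier, send)
    return data.get("blocked_for", [])  # assumed response field


def unblock_if_blocked(domain, token, identifier, send=urllib.request.urlopen):
    """Look up blocks first; only issue the DELETE when a block exists.

    Returns the blocks that were removed so they can be logged or reviewed.
    This works even when the identifier has no user profile in the tenant.
    """
    blocks = get_blocks(domain, token, identifier, send)
    if blocks:
        _call("DELETE", domain, token, identifier, send)
    return blocks


if __name__ == "__main__":
    # Hypothetical variable names; set them to your tenant and token.
    removed = unblock_if_blocked(
        os.environ["AUTH0_DOMAIN"],
        os.environ["AUTH0_MGMT_TOKEN"],
        "user@email.com",
    )
    print(json.dumps(removed, indent=2) if removed else "No block found.")
```

Record the returned blocks before discarding them, since they show which identifier was locked out even when no matching user exists in the dashboard.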