Blocked user does not exist

Problem statement

Users receive a blocked warning after 10 failed login attempts, but they do not exist in Auth0.

Cause

Brute-force protection is triggered by all failed attempts, regardless of whether the user exists.

Solution

Use the Auth0 Management API’s Get blocks by identifier endpoint (Auth0 Management API v2) to retrieve the blocks for the given identifier. In this case, the user’s email is sufficient.

An example GET request looks like this:

https://YOUR_TENANT_DOMAIN/api/v2/user-blocks?identifier=user@email.com

If you find the block, you can unblock the user by using the Management API’s Unblock by identifier endpoint (Auth0 Management API v2) by sending the identifier.
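The lookup-then-unblock flow described above, as an added example that is not Auth0's own code. It assumes a Management API access token authorized for these endpoints, a GET response that carries a `blocked_for` list, and hypothetical helper names; the identifier is URL-encoded so an address containing `+` is not read as a space.

```python
import json
import urllib.parse
import urllib.request


def blocks_request(domain, token, identifier, method="GET"):
    """Build a user-blocks request: GET lists blocks, DELETE removes them."""
    if method not in ("GET", "DELETE"):
        raise ValueError("method must be GET or DELETE")
    # urlencode escapes '+' and '@' so the identifier is matched literally.
    query = urllib.parse.urlencode({"identifier": identifier})
    return urllib.request.Request(
        f"https://{domain}/api/v2/user-blocks?{query}",
        method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/json"},
    )


def blocked_entries(body):
    """Return the block entries from a GET response body.

    Assumed shape: {"blocked_for": [{"identifier": ..., "ip": ...}]}
    """
    return json.loads(body).get("blocked_for", [])


def send_request(req):
    """Send the request and return the raw response body."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def unblock_if_blocked(domain, token, identifier, send=send_request):
    """Unblock only when a block exists; return the entries that were found.

    A block can exist for an identifier that has no user record, so this
    queries blocks by identifier instead of looking the user up first.
    """
    entries = blocked_entries(send(blocks_request(domain, token, identifier)))
    if entries:
        send(blocks_request(domain, token, identifier, "DELETE"))
    return entries
```

The returned entries are worth logging before the block is cleared, since they record which identifier was being targeted with failed logins.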
