i have 3 users that got their accounts blocked due to too many failed logins (wrong password), i can clearly see this from the auth0 logs in my dashboard. However if i go to my users list to unblock these users i can manage to find them… How is that possible?
Good morning / good afternoon @riccieng-dev !
I reviewed your Monitoring → logs and can see that the affected user has already successfully logged in.
Do you still have issues with that?
yes… i recreated the user…
1 Like
so, the issue still remains i guess…
any news regarding this issue? I checked all of my code base, and it doesn’t seem like it’s a code generated error
Thank you for following up @riccieng-dev !
I appreciate your patience.
Another reason for a user being blocked is providing the wrong username or wrong email address, like in case of one of your users login attempt:
Additionally, in the case of the above login attempt, the user tries to log in to a “Machine To Machine” application, which is not intended to receive user login attempts.
I hope this clarifies the issue, but please let me know if you have any other questions!
Apologies, I hit the enter too quickly @riccieng-dev .
If you would like to enable your users to utilize this Machine To Machine app, you can invite them to collaboration with your Auth0 tenant, or share with them the app’s credentials (client_id and client_secret so they can request relevant access tokens via the Client Credentials exchange.
Happy to assist in case of further question on that!
thank you for your time, but this still doesnt clarify why upon getting blocked due to too many login attempts, their accounts got somehow deleted from the users list
Thank you for following up @riccieng-dev !
That should not happen.
If there was a user account created with a specific username and / or email in the Auth0 database, with which they try to multiple times login, then after brute blocking, the user account is still in the Auth0 database, and an admin can unblock the user.
In this case, could it be, that they have been blocked because they attempted to log in with a username that didn’t match any existing username on the database?
Your logs may show the username value entered by them, which doesn’t mean an account with this specific username has been created before in the database. To be fully honest, this is the only scenario that comes to my mind.
Please let me know your thoughts!
Thank you for your feedback, these users definetly existed and used to acess their accounts almost on a daily basis, for some reason (still to find out why), they entered the wrong credentials multiple times and got their accounts on auth0 blocked, which is absolutely fine. The issue is that when an admin (me), logged in the auth0 dashboard to unlock said users, i wasn’t able anymore to find them in the users list, which gave me no choice but to recreate this users using the same emails theu were using befor getting deleted form your system. I don’t get why they were eliminated
Thanks for these details! I believe you and understand this must be really frustrating.
At the same time, I mentioned in my previous message, that the app type of “Machine to machine” to which the blocked users / IP addresses attempted to log in with the username password, is not intended for this login flow, and thus it’s hard to predict the behavior and expect our systems work per design. This is not an app to which users log in be default but entities representing credentials to interact with other APIs.
I can recommend recreating user accounts and preventing them from logging in to any Machine-to-machine app. To do so, please update the enabled for the S** app grants only to include the Client Credentials one:
Thank you, that is totally a solution i will try! Just to be 100% sure regarding this anomalous behaviour (users getting wrongly deleted after having their accounts blocked), you confirm that this is a glitch that should not have happened under normal circumstances?
and especially the fact that these users deletions don’t show up in the auth0 logs section, further complicating the debugging process, surely isn’t a normal behaviour, right?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.