So I am having a few issues while trying to use the “Trust Token Endpoint IP Header” option.
So I have a trusted server that is doing the login on behalf of the customer.
However I am having issues because Auth0 is blocking my backend server due to suspicious activity (when users fail login).
So what I did:
- I enabled “Trust Token Endpoint IP Header” on my Auth0 client app (it is using a Database connection is case this influences anything)
- I added the following value on my .Net call (new ResourceOwnerTokenRequest … ForwardedForIp = client ipAddress)
- by looking at the request being sent through fiddler I can see the “auth0-forwarded-for” header value being added correctly
- However I still see on the logs my server IP Address (instead of the client one)
- I haven’t tried blocking the server again but I imagine if the logs still show the server IP Address it looks like that client ip address being forwarded is not being used
Can someone give me some pointers?