Catch rate limit error in action instead of going straight to auth0 custom error page

Hey Auth0!

Just after some advice on the rate limit error that occurs when you consistently enter incorrect codes for an MFA challenge, i.e.: The rate limit for endpoint /u/mfa-otp-challenge was reached. Please retry after a few minutes.

When this occurs, is there any way for me to catch the error in my post login action where I initialised the challenge with challengeWith?

Right now, it jumps directly to my custom error page.

Thanks!

Hi @daniel.bozinovski,

Welcome back to the Auth0 Community!

You can definitely incorporate your challengeWith function from the Post-Login Action in a try and catch block and use the console.error function from within the Action in order to log out the error or the error_description. You can also use methods such as api.sendUserTo or api.access.deny to redirect the user to a custom error page or block access, but I would recommend only inspecting the error for management purposes since otherwise the automatic redirect to the MFA page will not occur.

On the other hand, you can also customize the message shown to the user in this case as well using Customize Universal Login Page Templates. In this documentation you can also check out all of the variables available for the mfa prompt, such as too-many-push or too-many-email.

I hope this helps!
Thanks,
Remus

Hey @remus.ivan ,

Thanks for the reply!

I’ve tried wrapping the challengeWithAny with a try/catch block and logging out the error when getting the rate limit error (The rate limit for endpoint /u/mfa-otp-challenge was reached. Please retry after a few minutes), but it doesn’t seem to work as intended and instead just seems to redirect me to my custom Auth0 error page immediately.

This is a snippet of my code inside a post login action if it helps:

  const shouldChallenge = shouldChallengeWithMfa(event);
  if (shouldChallenge) {
    console.log(`Challenging user ${email} (${userId}) with MFA`);

    try {
        api.authentication.challengeWithAny(
            SUPPORTED_MFA_FACTORS.map((type) => ({ type }))
        );
    } catch (error) {
        console.log(error);
    }
  }

I’m monitoring if it gets logged with the auth0 action logs.

Thanks,
Daniel.

Hi @daniel.bozinovski,

You can monitor this behavior by accessing logs or app logs since the Action Console cannot provide detailed information on an error caused by MFA factors. If you want to monitor this in live action, you can use the Real-time Webtask Logs Extension.

However, other than monitoring the error, the behavior presented from exceeding the MFA attempts is not configurable; I would suggest checking out this Knowledge Article - MFA Limits for OTP - Login Fails with Error “Too many failed codes. Wait for some minutes before retrying”.

Thanks,
Remus
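
A log-side check for the monitoring approach discussed in this thread, as an added example that is not part of any post above: it scans exported tenant log events for the rate-limit message quoted in the question and flags users who hit it repeatedly within a time window. The event field names (date, user_id, ip, description), the thresholds and the sample events are assumptions constructed for illustration.

```javascript
// Added example, not from the thread. Assumed event shape: { date, user_id, ip, description }.
const RATE_LIMIT_RE = /The rate limit for endpoint (\S+) was reached/;
const MSG = 'The rate limit for endpoint /u/mfa-otp-challenge was reached. ' +
  'Please retry after a few minutes.';

// Constructed sample events (hypothetical users, documentation IP ranges).
const SAMPLE_EVENTS = [
  { date: '2024-05-01T10:00:05Z', user_id: 'auth0|user-a', ip: '203.0.113.7', description: MSG },
  { date: '2024-05-01T10:20:00Z', user_id: 'auth0|user-a', ip: '203.0.113.7', description: MSG },
  { date: '2024-05-01T10:45:00Z', user_id: 'auth0|user-a', ip: '198.51.100.9', description: MSG },
  { date: '2024-05-01T10:30:00Z', user_id: 'auth0|user-b', ip: '192.0.2.44', description: MSG },
  { date: '2024-05-01T11:00:00Z', user_id: 'auth0|user-a', ip: '203.0.113.7', description: 'Successful login' },
  { date: '2024-05-01T14:00:00Z', user_id: 'auth0|user-a', ip: '203.0.113.7', description: MSG },
];

// Returns users whose MFA rate-limit hits reach `threshold` within `windowMinutes`.
function summarizeMfaRateLimits(events, { windowMinutes = 60, threshold = 2 } = {}) {
  const windowMs = windowMinutes * 60 * 1000;
  const byUser = new Map();
  for (const ev of events) {
    const m = RATE_LIMIT_RE.exec(ev.description || '');
    if (!m || !m[1].includes('mfa')) continue;   // keep only MFA endpoints
    const t = Date.parse(ev.date);
    if (Number.isNaN(t)) continue;               // skip events with unparsable dates
    const key = ev.user_id || 'unknown';
    if (!byUser.has(key)) byUser.set(key, []);
    byUser.get(key).push({ t, ip: ev.ip, endpoint: m[1] });
  }
  const findings = [];
  for (const [user, hits] of byUser) {
    hits.sort((a, b) => a.t - b.t);
    let start = 0, max = 0;
    for (let end = 0; end < hits.length; end++) { // sliding window over sorted hits
      while (hits[end].t - hits[start].t > windowMs) start++;
      max = Math.max(max, end - start + 1);
    }
    if (max >= threshold) {
      const ips = [...new Set(hits.map((h) => h.ip))].sort();
      findings.push({ user, maxHitsInWindow: max, ips });
    }
  }
  return findings;
}

console.log(JSON.stringify(summarizeMfaRateLimits(SAMPLE_EVENTS), null, 2));
```

Several source IPs against one user, as in the constructed user-a events, is the pattern worth alerting on, since the rate limit itself only slows code guessing down.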
