Confirming that a CAPTCHA was Presented to a User and Correlating It to a Successful Login

Problem statement

How to confirm that a CAPTCHA was presented to a user and that this is correlated to a successful login?

Solution

  • In the Auth0 Dashboard (Security > Attack Protection > Bot Detection), switch on “Enable tenant logs for risk assessment” for additional logging.
  • Under “Response” select the CAPTCHA service and set “Enforce CAPTCHA” to “When Risky”.

An end user login will produce a tenant log with event type “pla” (see Log Event Type Codes). This log entry contains a boolean details.requiresVerification property. When this field is “true”, a CAPTCHA was presented to the user. When the field is “false”, a CAPTCHA was not presented to the user.

The “pla” log entry also has a details.session_id field. The related event type “s” (successful login) event has a matching details.session_id field, so this value can be used to correlate the CAPTCHA decision with a successful login.
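
The correlation described above, as an added example (not Auth0's own code): it joins “pla” and “s” entries on details.session_id and reports, per session, whether a CAPTCHA was presented and whether the login succeeded. The sample entries are constructed, and the function names are hypothetical; only the type, details.requiresVerification and details.session_id fields come from this article.

```python
import json

# Constructed sample tenant log entries, not real Auth0 output. Only "type",
# details.requiresVerification and details.session_id come from the article;
# the session_id values are placeholders.
SAMPLE_LOGS = json.loads("""[
 {"type": "pla", "details": {"session_id": "sess-A", "requiresVerification": true}},
 {"type": "s",   "details": {"session_id": "sess-A"}},
 {"type": "pla", "details": {"session_id": "sess-B", "requiresVerification": false}},
 {"type": "s",   "details": {"session_id": "sess-B"}},
 {"type": "pla", "details": {"session_id": "sess-C", "requiresVerification": true}},
 {"type": "s",   "details": {}}
]""")


def correlate_captcha_logins(logs):
    """Map each session_id to whether a CAPTCHA was shown and whether login succeeded."""
    sessions = {}
    for entry in logs:
        details = entry.get("details") or {}
        sid = details.get("session_id")
        if not sid or entry.get("type") not in ("pla", "s"):
            continue  # without a session_id the entry cannot be correlated
        rec = sessions.setdefault(
            sid, {"captcha_presented": None, "login_succeeded": False})
        if entry["type"] == "pla":
            flag = details.get("requiresVerification")
            if isinstance(flag, bool):
                # Assumption: if a session has several "pla" entries, any True counts.
                rec["captcha_presented"] = bool(rec["captcha_presented"]) or flag
        else:
            rec["login_succeeded"] = True
    return sessions


def captcha_then_login(logs):
    """session_ids where a CAPTCHA was presented and a matching "s" event exists."""
    return sorted(sid for sid, rec in correlate_captcha_logins(logs).items()
                  if rec["captcha_presented"] and rec["login_succeeded"])


if __name__ == "__main__":
    for sid, rec in sorted(correlate_captcha_logins(SAMPLE_LOGS).items()):
        print(sid, rec)
    print("CAPTCHA presented and login succeeded:", captcha_then_login(SAMPLE_LOGS))
```

A session with captcha_presented true and login_succeeded false (sess-C in the sample) is one where the CAPTCHA was shown but no matching “s” event appears in the logs examined.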