Good day.
In our testing we’ve found an interesting case where a user can be blocked for having too many incorrect logins even if it’s not their fault; it’s just that there was a connection error between Auth0 and our custom Auth Provider.
I can see in the documentation that
return callback(new WrongUsernameOrPasswordError(userNameOrEmail, "My custom error message"));
causes an fp log message to be created, which makes sense. Also
return callback(new WrongUsernameOrPasswordError(null, "My custom error message"));
causes an fu log message, which also makes sense.
What doesn’t make so much sense to me is that
return callback(new UnauthorizedError("An error occurred"));
and
return callback(new Error("An error occurred"));
both also cause an fu to be logged and contribute to the count of logins that lead to the blocking of users.
{
  "date": "2025-04-23T11:10:32.406Z",
  "type": "limit_wc",
  "description": "User (simon.pain@example.com) attempted 5 consecutive logins unsuccessfully. Brute force protection is enabled for this connection, further attempts are blocked from this IP address for this user.",
  "connection": "Username-Password-Authentication"
}
Is there any way in the Custom DB Script to log an error that’s “our problem” rather than the user’s problem so that it doesn’t count towards applying a login block to the user?
Many Thanks
Simon