the use case,
need to send notification to backend system upon a max login failure event.
background,
we have a custom hosted page, using client auth library (auth0.js) to login, with a custom database connection login script, where it calls set of backend api for authentication.
solution#1,
tap in the backend api to track and send notification upon a max login failure, initially thought this was doable but only realized the custom database login script only support the username and password in its param, in order to send notification, additional custom parameter need to feed in from the front end, but it seems cannot access the content therefore the request object. So run to a wall.
solution#2
tap in the rule, which hopefully will get fired upon the max login failure event, the rule does has the context object but cannot find which rule to fit this use case in.
So we are stuck, any better way to handle this?? please help
I’m unaware of any good way to handle this scenario; as you said the login script does not have access to additional context so it only has the username/email and password information.
In terms of rules, given rules execute only after the initial set of credentials (username/email and password combination for a database connection) have been validated correctly they don’t seem in any way applicable to this scenario where wrong credentials are being provided.
What’s the context of this notification? Does it need to be a synchronous notification or some level of delay is accepted? The reason I ask is that failed login attempts will be reported to tenant logs so if you send that stream of logs to your own system you can create triggers that are raised upon certain conditions. In addition, for a failed login event there would be additional context information in the log event (information like IP address, user-agent) which may or may not be what you require, but it is more than what’s available to a login script.