Would you be able to provide a .HAR file of a user attempting to log in with the wrong credentials?
The .HAR file will contain your auth0 domain, the client ID, the connection name and the (fake) user credentials. None of that information is particularly secret but if you prefer to send them over a DM instead of attaching here that’s OK.
For customers, if you use federation protocols (as recommended) you won’t get information of failed logins. Federation protocols only respond after a successful authentication, and any failed attempt logging is the responsibility of the identity provider used.