Failed Logins: Missing required parameter: response_type

Hello,

I am receiving a number of failed logins, intermixed with normal/successful logins. The failed logins come in ‘bursts’ of 6-8 at a time, all within a few seconds of each other, and all with the same description: “Missing required parameter: response_type”

These failed logins also do not have an assigned Application or Connection - they all say “N/A”, whereas the successful logins all have their correct designations listed.

Here is a support topic with a similar scenario: Missing required parameter: response_type - #11

This feels a bit like a series of bot/spam login attempts, but I am uncertain how to verify this or go about restricting them. Any advice would be appreciated.

Hi @eric12,

I understand you encountered the “Missing required parameter: response_type” error.

I have reproduced this issue by omitting the response_type in the login request. As you have observed, the application and connection are N/A.

In this scenario, you must ensure the login requests include the response_type query parameter.

For example:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    audience={apiAudience}&
    state={state}

(Reference: Call Your API Using the Authorization Code Flow)

I can guarantee that this is unrelated to bot/spam login attempts because it refers to a missing query parameter. If this were bot/spam activity, you would see scripted login/signup attacks, which you can work around by enabling the features for Attack Protection.

Thanks,
Rueben
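
To see what is producing the bursts described in this thread, the failed events can be grouped by time and summarised by source IP and user agent, which shows whether each burst comes from one client or many. This is an added example, not code from the thread or from Auth0; the record field names (date, description, ip, user_agent) and the sample records are constructed assumptions about an exported log.

```python
from collections import Counter
from datetime import datetime, timedelta

ERROR = "Missing required parameter: response_type"

def _rec(ts, desc, ip, ua):
    return {"date": ts, "description": desc, "ip": ip, "user_agent": ua}

# Constructed sample log export. Field names are assumptions; adjust them
# to match the records your tenant actually exports.
SAMPLE = (
    [_rec(f"2024-01-01T10:00:0{i}Z", ERROR, "203.0.113.7", "ExampleApp/1.2") for i in range(6)]
    + [_rec("2024-01-01T10:00:03Z", "Successful login", "198.51.100.4", "Mozilla/5.0")]
    + [_rec(f"2024-01-01T10:30:0{i}Z", ERROR, "203.0.113.7" if i % 2 else "203.0.113.9", "ExampleApp/1.2") for i in range(7)]
    + [_rec("2024-01-01T11:00:00Z", ERROR, "192.0.2.55", "curl/8.0")]
)

def parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def find_bursts(records, error=ERROR, gap=timedelta(seconds=5), min_size=3):
    """Return runs of matching failures whose consecutive events are at most `gap` apart."""
    hits = sorted(
        (r for r in records if r.get("description") == error),
        key=lambda r: parse(r["date"]),
    )
    bursts, current = [], []
    for r in hits:
        if current and parse(r["date"]) - parse(current[-1]["date"]) > gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(r)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts

def summarize(burst):
    """Count events, source IPs and user agents in one burst."""
    return {
        "start": burst[0]["date"],
        "count": len(burst),
        "ips": Counter(r.get("ip") for r in burst),
        "user_agents": Counter(r.get("user_agent") for r in burst),
    }
```

Run `[summarize(b) for b in find_bursts(records)]` over your own export; the isolated single failure in the sample is below `min_size` and is not reported as a burst.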
