Hi @eric12,
I understand you encountered the “Missing required parameter: response_type” error.
I have reproduced this issue by omitting the response_type in the login request. As you have observed, the application and connection are N/A.
In this scenario, you must ensure the login requests include the response_type query parameter.
For example:
https://{yourDomain}/authorize?
response_type=code&
client_id={yourClientId}&
redirect_uri={https://yourApp/callback}&
scope={scope}&
audience={apiAudience}&
state={state}
(Reference: Call Your API Using the Authorization Code Flow)
I can guarantee that this is unrelated to bot/spam login attempts because it refers to a missing query parameter. If this were bot/spam activity, you would see scripted login/signup attacks, which you can workaround by enabling the features for Attack Protection.
Thanks,
Rueben