Getting "too_many_attempts" error in pipeline, but not in gitbash curl command

richard.sanigar · February 9, 2021, 12:41pm

Hi

I am using the following as a curl command to obtain an access_token:

curl --request POST
–url ‘https://gotham-city-preprod.eu.auth0.com/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data ‘grant_type=password’
–data ‘username=Bruce.Wayne@gotham-city.com’
–data ‘password=Batman123’
–data ‘audience=https://gotham-city-preprod.eu.auth0.com/api/v2/’
–data ‘scope=read:current_user’
–data ‘client_id=CLIENT_ID’
–data ‘client_secret=CLIENT_SECRET’

In a gitbash shell it works a treat. However. if I place the exact same curl command in a gitlab pipeline I get the following error.

{“error”:“too_many_attempts”,“error_description”:“Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.”}

The frustrating thing is the dev pipeline job works, but the preprod pipeline job fails

The account is not blocked, because the curl command continues to work in Gitbash.

What am I missing? Is there a tenant/application/connection setting I need to configure?

Thanks in advance

Richard

stephanie.chamblee · February 10, 2021, 3:58pm

Hi @richard.sanigar,

I’m not too familiar with Gitlab pipelines, but I’m curious if the request is making it to your tenant or if the request is being blocked by gitlab for some reason.

When you enter the curl command and look at your tenant logs, do you see an error or event of any kind?

richard.sanigar · February 11, 2021, 11:04am

Hi Stephanie

Mystery solved. One of my colleagues also had a similar script in another pipeline, but his script had the wrong password in it. As our two pipelines were running on the same host, the anomaly protection in Auth0 kicked in and blocked the IP address and user.

Using the Management API and the /user-blocks end-point, I was able to delete the block.

BTW the user blocking did appear in the Auth0 logs.

Thank you again for your help

Regards

Richard

stephanie.chamblee · February 11, 2021, 11:05am

Awesome! Glad that was resolved!

system · February 26, 2021, 11:06am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.