I was planning on using Auth0 for my React project (SPA), and according to the OAuth flow of SPA’s, client_secret is not issued. Anyone can see the request that my application makes to Auth0 for the authorization token, and can use the request to spam my account. How does Auth0 defend my account aga…

How does Auth0 filter spam Authorization token requests for SPAs?

dan.woda March 17, 2022, 8:02pm 3

Welcome to the Auth0 Community!

There is no quota for failed auth transactions. Quotas are based on active users and M2M tokens, which only occur when an auth transaction is successful.

We also offer a suite of attack protection features, some are enabled by default.

1 Like

Topic		Replies	Views
React SPA using auth0-react spams the authorize endpoint when not logged in Get Help missing-category , other	3	18	November 22, 2024
Confusion over flow for multi-instanced SPA+API Get Help jwt , api	7	3241	August 2, 2019
Need help accessing Management API using react-auth0-spa-js Get Help spa , react	4	5813	February 12, 2020
Lock, Auth0.js, Auth0 React SDK or Authentication API Get Help auth0-spa-js , sdks-quickstarts	0	1686	November 7, 2022
Multiple SPA and APIs. Block SPA for a certain api Get Help configuration , application	4	11	April 29, 2025

How does Auth0 filter spam Authorization token requests for SPAs?

Related topics