We are developing an endpoint that basically proxies calls to the Auth0 User Blocks API. The endpoint will be used to unblock users who blocked themselves by entering an incorrect password multiple times.
There is no API method on the Auth0 side to set such a block on a user, so it is not clear how we can test this scenario. Obviously, we can have it covered with integration and unit tests, but now we are looking to test this functionality with e2e tests.
The options we see now are the following:
- Use Password Flow with an incorrect password for a particular user for Login Threshold Maximum Attempts (Brute-Force Protection settings) number of times.
- In a UI test, simulate a user entering an incorrect password the same number of times, taken from the Brute-Force Protection settings.
Which of the approaches would you recommend? Are there other ways of making a user brute-force blocked for test purposes?
If there are no alternatives other than those mentioned above, are there potential issues that our CI agents can run into with either of the approaches?