Is there any way to either force a specific user account to always trigger captcha on login OR some additional parameter the auth0.js login request could be given to respond with an error that then triggers the captcha to load?
Assuming you have all the code changes necessary to be added on the login page to execute the CAPTCHA, there is an indirect way to Manually trigger the CAPTCHA by configuring it to when risky status.
Make code changes as required in the Custom Auth0 login page for the CAPTCHA enablement.
Enable CAPTCHA on the Auth0 side on the tenant level, Go to Auth0 Dashboard → Attack protection → Bot detection → Response → Enforce CAPTCHA On → Set it to : When Risky
Now to test this, you can spoof the User-agent header of the browser, You will need to set the value of the User-agent to:
How to spoof the user agent
Go to the developer tools of the Chrome browser, and select the extra options highlighted below:
More tools → Network conditions
Uncheck browser default and set the value: BadBadUserAgent
Then please press the update button at the bottom:
Once this is done, please call the /authorize endpoint to load the login page, you should see a CAPTCHA