How to use "auth0-forwarded-for" header while using the Authorization Code flow

We use the PHP SDK to carry out the Authentication Code Flow:

```php
use Auth0\SDK\API\Authentication;

// Exchange the authorization code returned to the callback for tokens.
$auth0_api = new Authentication($auth0Domain, $auth0ClientId, $auth0ClientSecret);
$code_exchange_result = $auth0_api->code_exchange($code, $auth0BaseUrl.'/oauth/callback');
```

Recently, we migrated our code to Google Cloud and we saw that Auth0 throttles frequent attempts from our server IPs thinking they are end-user IPs.

Thus, I’m trying to pass in end-user IPs using the “auth0-forwarded-for” header. However, passing such a header doesn’t seem possible with the Authorization Code Flow, and I can’t find alternatives.

Previous message deleted due to SPAM reasons.

The “auth0-forwarded-for” header is used to store the original client IP address when using the Authorization Code flow in Auth0. To use it, you need to:

1. Enable the header in your Auth0 tenant settings.
2. Add the header in your API or application code.
3. Retrieve the header in your API or application code and use it to log or store the client IP address for auditing purposes.

Example code in Node.js:

```javascript
// retrieve the header from the request
const forwardedFor = req.headers['auth0-forwarded-for'];
// log the header
console.log(`Forwarded for: ${forwardedFor}`);
// store the header in your database
```

Maybe this works for you.

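The step "add the header in your application code" is where an unvalidated client IP would get forwarded, so here is an added example (not code from this thread or from Auth0's SDK) that picks the end-user IP from `X-Forwarded-For`, validates it, and builds the code-exchange request with `auth0-forwarded-for` set. Assumptions: the function names are hypothetical, the trusted-proxy hop count is deployment-specific, the tenant values in use are placeholders, and the thread does not establish whether Auth0 honors the header for this grant.

```javascript
// Added example; function names are hypothetical, not Auth0 SDK APIs.
const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;

// Accept only a literal IPv4/IPv6 address, so CR/LF or other text
// can never reach the outgoing header value.
function isIpLiteral(s) {
  if (typeof s !== 'string') return false;
  if (IPV4.test(s)) return true;
  if (!/^[0-9a-fA-F:.]+$/.test(s) || !s.includes(':')) return false;
  try { new URL(`http://[${s}]/`); return true; } catch { return false; }
}

// The left side of X-Forwarded-For is client-controlled; only entries appended
// by your own proxies (counted from the right) are trustworthy.
// trustedHops = number of proxies you operate in front of the app (assumption).
function clientIpFromXff(xff, trustedHops) {
  const parts = String(xff || '').split(',').map((p) => p.trim()).filter(Boolean);
  const candidate = parts[parts.length - trustedHops];
  return isIpLiteral(candidate) ? candidate : null;
}

// Build (do not send) the authorization_code exchange for POST /oauth/token.
function buildCodeExchange({ domain, clientId, clientSecret, code, redirectUri }, endUserIp) {
  const headers = { 'content-type': 'application/x-www-form-urlencoded' };
  // Omit the header entirely rather than forward a value that failed validation.
  if (isIpLiteral(endUserIp)) headers['auth0-forwarded-for'] = endUserIp;
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    client_secret: clientSecret,
    code,
    redirect_uri: redirectUri,
  }).toString();
  return { url: `https://${domain}/oauth/token`, method: 'POST', headers, body };
}
```

The returned object can be handed to any HTTP client; the client secret stays server-side and should never be logged along with the request.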

Thanks for sharing that solution with the rest of the company!
