We use the PHP SDK to carry out the Authentication Code Flow:
```php
use Auth0\SDK\API\Authentication;

$auth0_api = new Authentication($auth0Domain, $auth0ClientId, $auth0ClientSecret);
// Exchange the authorization code for tokens; this call is made from our server.
$code_exchange_result = $auth0_api->code_exchange($code, $auth0BaseUrl.'/oauth/callback');
```
Recently, we migrated our code to Google Cloud and we saw that Auth0 throttles frequent attempts from our server IPs thinking they are end-user IPs.
Thus, I’m trying to pass in end-user IPs using the “auth0-forwarded-for” header. However, passing such a header doesn’t seem possible with Authorization Code Flow and I can’t find alternatives?
The “auth0-forwarded-for” header is used to store the original client IP address when using the Authorization Code flow in Auth0. To use it, you need to:
1. Enable the header in your Auth0 tenant settings.
2. Add the header in your API or application code.
3. Retrieve the header in your API or application code and use it to log or store the client IP address for auditing purposes.
Example code in Node.js:
```javascript
// retrieve the header from the request
const forwardedFor = req.headers['auth0-forwarded-for'];
// log the header
console.log(`Forwarded for: ${forwardedFor}`);
// store the header in your database (storeIPAddress is your application's own function)
storeIPAddress(forwardedFor);
```
Maybe this works for you.
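An added example, not part of the posts above and not Auth0 SDK code: the retrieval step from the answer with validation in front of it, since any caller can set this header and its value would otherwise go straight into logs and storage. The function name `forwardedClientIp`, the trusted-peer list and all addresses are assumptions constructed for illustration.

```javascript
const net = require('node:net');

// Assumption: addresses of our own front ends that are allowed to set the
// header. These values are constructed for the example.
const TRUSTED_PEERS = new Set(['10.0.0.5', '10.0.0.6']);

// Returns a validated IP string, or null when the header must be ignored.
// headers:     the request's header object (lower-cased names, as in Node)
// peerAddress: the address of the direct TCP peer (req.socket.remoteAddress)
function forwardedClientIp(headers, peerAddress, trustedPeers = TRUSTED_PEERS) {
  // Only honour the header when it comes from a peer we operate ourselves.
  if (!trustedPeers.has(peerAddress)) return null;

  const raw = headers['auth0-forwarded-for'];
  // Missing header, or anything that is not a single string value.
  if (typeof raw !== 'string') return null;

  const value = raw.trim();
  // Exactly one IPv4 or IPv6 address is accepted. Comma-separated lists and
  // free text fail here, so line breaks or markup never reach logs or the DB.
  if (net.isIP(value) === 0) return null;

  return value;
}
```

Call it before the logging and storage steps and skip both when it returns `null`.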