The IP field in the Auth0 Logs are taking the server IP instead of the client IP since all the actions performed are done through API calls from server.
To avoid this conflict, Auth0 suggested "using resource owner password from server side “(https://auth0.com/docs/api-auth/tutorials/using-resource-owner-password-from-server-side#brute-force-protection-and-server-side-apis)”. This however is not working, and it is still taking the server IP.
Is there a way to identify whether the request received has the correct ip address ? When I added console log on server side to check if the header is set in the options, it has the header property auth0-forwarded-for with client ip .
Please find attached the screenshot for the console log. In the dashboard I have also enabled brute force and Trust Token Endpoint IP Header under the OAuth tab.
Only relevant forum post i found regarding this issue is given below. Is there any solution for this :