Hi, I want to know if there’s any way to catch if a user is or has been blocked after X number of failed attempts.
I was thinking of a rule, action, or hook that could catch when the user gets blocked so we can use some logic, like sending an SMS from our system to global admins.
User ---> Login attempt ---> action check if user will be/has been blocked ----> Some logic in action, rule or hook
I hope we can find a solution together.
Thanks for reaching out to the Auth0 Community!
I understand that you would like to know how to know if a user is blocked by brute force protection.
To do so, I recommend using the Management API’s
Get a user’s block endpoint and set the to true. By doing so, you can determine if the user is blocked by brute force protection.
I hope this helps!
Please do not hesitate to reach out if you have any further questions.
I’m looking to show in a User Grid the status of users, which needs to consider if they are blocked. I have noticed that if the user is blocked due to brute force protection, the search user endpoint doesn’t return any properties indicating that the user is blocked. I would have expected that the
blocked attribute would show as true. Is there a way to achieve this without making a request to the user block endpoint for every user on the page?
Unfortunately, there isn’t an endpoint that can query for a list of brute-force blocked users.
I understand the current solution of using the Get a user’s block endpoint would not be scalable.
For now, my best recommendation is to use the
Logs to find the users who are blocked from brute force. In the logs, search for the
log event type code.
Lastly, I recommend upvoting the
Find brute-force blocked users in User Management panel feedback request. This way it can attract more votes, with higher votes leading to a higher implementation priority.
I hope this helps!
January 25, 2023, 12:45am
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.