We’ve recently added a new tenant to test with, and our logs are getting filled up with messages about Warning During Login.
“A user has attempted to access a login page directly. This is not supported unless a “Application Login URI” is set for your application, or a “Tenant Login URI” is set for your tenant. For more information, see: Configure Default Login Routes”
These requests are coming from IPs from all over the world. Is this something I should be concerned about? We haven’t seen this on other tenants, so did we just choose a particularly friendly tenant name?
Technically, I believe the only thing needed to trigger such a tenant log would be to know the Auth0 domain (or custom domain) and then perform a request directly to /login so the name of the tenant could indeed be relevant.
If this were a production tenant the warnings would be relevant as they could indicate that end-users are having issues accessing your applications or doing something they should not be doing.
Given you mention this is a test tenant I would assume you would have more control over the traffic (tests) so you can indeed potentially ignore those errors.
Out of curiosity, does the tenant have a custom domain? If yes, are the tenant logs associated with the custom domain or the default tenant domain?