Passwordless login - has my phone been blacklisted?

ben13 · May 12, 2020, 12:53am

I’m implementing and testing passwordless authentication on our app using the passwordless API, and originally was able to log in without any trouble. However for the last few days have been unable to log in from my own phone. Each time I try to verify a new code I get a response with HTTP status 403 and the error message: “You’ve reached the maximum number of attempts. Please try to login again.”

I have tried this on two different tenants and the result is the same (both are currently on the free tier). I have also tried deleting the user account for that phone number and it has not changed the behaviour.

If I use a different phone number, I am able to log in with passwordless successfully. As I am currently testing I have been logging in more than I would usually, but I don’t believe I have come close to hitting the rate limits, and have never received a response with HTTP status 429 (as described here). However the fact that this only occurs with one phone number, and across multiple tenants, makes me wonder if my number has been blacklisted somewhere.

So I have a few questions:

Is this behaviour expected? If so, where is it documented?
If my phone number has been blacklisted, what can I do to resolve the situation?
How can I prevent this situation happening to a user once the passwordless login is live?

Thanks in advance.

dan.woda · May 12, 2020, 4:47pm

Hi @ben13,

Welcome to the Community!

Can you DM me your tenant name so I can take a look at your logs?

Thanks,
Dan

ben13 · May 14, 2020, 5:12am

Hi Dan, thanks for your response. I have sent you the details in a DM.

ben13 · May 15, 2020, 1:33am

Hi Dan,

I’ve discovered the cause of the issue - it was a bug in my application. Essentially the phone number wasn’t always being converted to e164 format properly, which was causing the login call to fail. I suspect the reason I saw the max number of attempts error rather than a normal failed login error is that I tried to log in several times before debugging in detail and writing this post.

I’ve now corrected the application and am able to log in as expected.

Thanks very much for your time on this, and my apologies that it was unnecessary!

Ben

dan.woda · May 18, 2020, 8:25pm

Thanks for sharing the solution!

dan.woda · June 2, 2020, 8:25pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Passwordless SMS: trying to log back in with an active session, "no phone_number or verification code" Help session , passwordless , authorize , passwordless-sms	36	9532	March 23, 2019
Rate limit 429 after 7 bad attempts with email passwordless Help login-experience , new-universal-login-experience	2	359	November 12, 2024
Retroactive passwordless connections -- is it possible through account linking? Help connections , passwordless-email-connection	2	486	November 21, 2023
Why is user blocked Help	4	1919	December 22, 2022
Cannot update a users phone number Help	6	2788	February 17, 2022

Passwordless login - has my phone been blacklisted?

Related topics