Question about handling failed logins from blocked users

We are using the Classic Universal Login with the Lock widget.
I’d like to ask a question about handling failed logins from blocked users.

If the user is blocked due to multiple failed login attempts(Brute force detection), then if the user logs in again:
This call /usernamepassword/login returns 429.
The user will stay in the Auth0 login page, and see the error message up top.
We just need to customize the error message to fit our need. So far so good

If the user is blocked from Auth0 console: User Management=>Users=>Select the user and block, then when the user logs in. Then if the user logs in again:
This call /usernamepassword/login returns 200

Eventually Auth0 will call back to the app with error message in the URL: - “https://myapp/?error=unauthorized&error_description=user is blocked&state=state”

For this scenario, since Auth0 redirects back to the app, the app will need to handle this error and display an error message, so there is some work to be done in the app.


  • For scenario#2, is it possible to config Auth0 so that the blocked user stay in the Auth0 login page after the failed login attempt, and display the error message in the login page like Scenario#1? Maybe with a different error message?


Hi there @patara.kulratanayan! I apologize for the delay here but wanted to get back on this one. It is unfortunately not possible to keep the user within the context of Universal Login in this scenario. That is, Auth0 will always redirect to the application with the relevant params which is expected to handle it. The following post elaborates on this a bit:

We have an existing feedback request that I recommend upvoting if you can! Our product team monitors these closely for community engagement. :point_down:

1 Like

Thank you for the information.

1 Like

No problem, happy to help where I can! :smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.