We are using the Classic Universal Login with the Lock widget.
I’d like to ask a question about handling failed logins from blocked users.
If the user is blocked due to multiple failed login attempts (brute-force detection), then if the user logs in again:
This call /usernamepassword/login returns 429.
The user will stay in the Auth0 login page, and see the error message up top.
We just need to customize the error message to fit our need. So far so good.
If the user is blocked from the Auth0 console (User Management => Users => select the user and block), then if the user logs in again:
This call /usernamepassword/login returns 200.
For this scenario, since Auth0 redirects back to the app, the app will need to handle this error and display an error message, so there is some work to be done in the app.
For scenario #2, is it possible to configure Auth0 so that the blocked user stays in the Auth0 login page after the failed login attempt, and displays the error message in the login page like scenario #1? Maybe with a different error message?
Hi there @patara.kulratanayan! I apologize for the delay here but wanted to get back on this one. It is unfortunately not possible to keep the user within the context of Universal Login in this scenario. That is, Auth0 will always redirect to the application with the relevant params which is expected to handle it. The following post elaborates on this a bit:
We have an existing feedback request that I recommend upvoting if you can! Our product team monitors these closely for community engagement.
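
Added example, not part of the thread and not Auth0's code: a sketch of the app-side callback handling that the reply says the application is expected to do. It assumes the redirect carries the standard OAuth 2.0 `error`, `error_description` and `state` query parameters; the `unauthorized` / `user is blocked` values, the `handleCallback` name and the sample URLs are assumptions.

```javascript
// Added example. Assumptions: the callback carries the OAuth 2.0 error,
// error_description and state parameters; the "unauthorized" / "user is
// blocked" values are assumed, not quoted from the thread.
// Fixed messages: the raw error_description is never shown to the user.
const MESSAGES = {
  blocked: 'Your account has been blocked. Please contact support.',
  generic: 'Login failed. Please try again.',
  state: 'Login could not be verified. Please start again.',
};

function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Reject callbacks whose state does not match the value kept in the session.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch', message: MESSAGES.state };
  }
  const error = params.get('error');
  if (error) {
    const description = (params.get('error_description') || '').toLowerCase();
    const blocked = error === 'unauthorized' && description.includes('blocked');
    return {
      ok: false,
      reason: blocked ? 'user_blocked' : 'login_error',
      message: blocked ? MESSAGES.blocked : MESSAGES.generic,
    };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code', message: MESSAGES.generic };
  return { ok: true, code };
}

// Constructed sample callbacks (app.example.test is a placeholder host).
const blockedUrl = 'https://app.example.test/callback?error=unauthorized&error_description=user%20is%20blocked&state=abc123';
const markupUrl = 'https://app.example.test/callback?error=access_denied&error_description=%3Cb%3Ereset%20here%3C%2Fb%3E&state=abc123';
console.log(handleCallback(blockedUrl, 'abc123'));
console.log(handleCallback(markupUrl, 'abc123'));
```

Mapping the error to a fixed message keeps attacker-controllable query text out of the rendered page, since anyone can craft a link to the callback URL.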