Rate limit 429 after 7 bad attempts with email passwordless

streamzz · November 12, 2024, 2:42am

Hi Folks,

We have passwordless email configured and working well.

One thing is odd. After 7 bad codes there is a 429 on the email challenge endpoint.

There is an auth0 system message associated with it:

“It seems this application has become very popular, and its available rate limit has been reached. Please retry after a few minutes”

Example Tracking ID: 64886d4aafa50c28bfe1

This occurs before the Account Blocked message.

This feels like an IP address block. This is not a big concern. I would like to know the reason if possible.

The system message means we cannot handle this condition with UI.

marybeth.hunter · November 12, 2024, 5:14pm

Do you see any tenant logs of the types limit_mu, limit_sul, or limit_wc around the time of the 429s?

Additionally, please see this Community article concerning 429s and passwordless: Getting rate limitted for /passwordless/start quickly

Please let me know if you have any additional questions!

Best,

Mary Beth

Topic		Replies	Views
Getting rate limitted for /passwordless/start quickly Knowledge Articles rate-limit , passwordless	1	806	September 19, 2023
429 (Too Many Requests): POST /oauth/token Help auth0	1	4692	July 27, 2020
Email OTP code submission through proxy, "You've reached the maximum number of attempts. Please try to login again" Help auth0	7	5234	May 6, 2024
IP Address login Restrictions Help signup , rate-limit , passwordless	2	3581	January 9, 2020
429 - Too many requests (end-user specific) Help classic-universal-login-experience , login-experience	0	1130	May 24, 2023