Hello Community! I’m working on a script for the login page, where I will automatically unblock a user if the user gets blocked due to Brute Force Attack after 15 mins of being blocked (since there is no way to configure that in the website) only being able to be unblocked twice.
The problem is getting the user list by doing q:blocked=true, but not able to retrieve anything even when there is a dummy user that is blocked by brute force
this is the request I am doing in python
def get_blocked_users():
headers = {
'Authorization': f'Bearer {get_management_token()}',
'Accept': 'application/json'
}
url = f'https://{AUTH0_DOMAIN}/api/v2/users'
params = {'q': 'blocked=true'}
resp = requests.get(url, headers=headers, params=params)
resp.raise_for_status()
print(resp.json()) # check for response here
return resp.json()
Will it only get the users that are blocked by the admin or other means and will not show the ones who are blocked by brute-force?
I have managed to make a workaround for this problem which is to base the blocked users using logs type:“limit_wc”, but it is not nearly as efficient as the one I am asking.