Rule: detect failed login and count

Hi,

I have a requirement to lock users after 5 failed attempts, and from my research in the Docs etc seems I need a custom rule.

I came across context.stats.loginsCount as a suggestion to use for the logic, however I can’t see HOW is this supposed to help me detect that the login is fail or success?! Anyone???

I’ve been digging through the documentation and cannot find anything that will help me (useless documentation not explaining in details what are the variables / properties on Context Object Properties in Rules) for example.

Auth0 seems to NOT provide full docs when they are needed, so I’m turning to the forum (where I’ve yet to find something helpful)

Thanks

1 Like

Hey there!

Actually we have a feature that is called Anomaly Detection and one of the sub-features is Brute Force Protection. It allows you to block somebody after 10 consecutive failed login attempts for the same user originate from the same IP address.

More on that here: Brute-Force Protection

Hi Konrad,

thank you for your reply, however as I mentioned in the message, I have read the documentation and had a proper dig into the details and your answer is not an acceptable solution. I am aware of the “default” Brute Force Protection. This does not allow me in any way to change the number of consecutive attempts according to my requirements and therefore does not solve my problem.

I guess the obvious answer here is there is no way to incorporate a custom “lock account after {x} consecutive failed login attempts”.

Thanks

2 Likes

Hey!

Rules only run ‘after’ a successful login. As such, a rule will not be able to help you in the failed login scenario.

What would actually be a viable solution is to use Log Streaming to act upon the ‘Failed Login’ log events. It would involve some work, but it can definitely be done.

We’re using the log streaming to AWS Eventbridge for example, which triggers a Lambda function that acts upon the information. In our scenario we’re listening to signup events, but this setup could also work for the other types of log events.

Hope it helps!

2 Likes

Hi rvdberg,

thank you for the suggestion, that sounds like a viable option. I’ll look into this. Thanks again!

1 Like

Yep unfortunately right now there’s isn’t an easy out of the gate solution in our stack that will allow you to customise the number of failed logins after which users should be blocked. You can always use our product feedback form to file in a feature request:

2 Likes

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

1 Like