We have a Azure API (App service) in which we provide a call for registering new users with Auth0 with the Resource Owner Password flow. But in the signup call we receive an error: ‘Suspicious request requires verification’ with HTTP status code 401.
Additional information:
We’re using the .NET Nuget package ‘auth0.AuthenticationApi’ version 7.10.0.
We have already disabled the ’ Suspicious IP Throttling’ functionality in Auth0.
Before disabling we’ve added our Azure APP ip-address to the whitelist.
When running our API on a local machine or send the request with Postman there’s no error.
I understand that you are encountering issues with the Resource Owner Password flow, specifically with the Suspicious request requires verification error.
This error usually occurs whenever Auth0’s Attack Protection features detect a suspicious authentication, specifically with the Bot Detection feature.
It’s important to be aware that when using the Resource Owner Password Grant flow, the Bot Detection feature should be disabled. This is an inherent limitation with Bot Detection and ROPG.
After disabling Bot Detection, you should be able to authenticate without any errors.
Please let me know if you have any further questions. I would be happy to answer them.