Suspicious IP Throttling for Access Token Request

Do the Suspicious IP throttling settings also apply to brute-force or suspicious calls to /oauth/token for access token requests for Client Credentials grants?

If not, how can we throttle suspicious attempts for access token requests?

Hi @akanksha.nichrelay,

Welcome to the Auth0 Community! We are answering this question in the hope it will help others as well.

Brute force protection or Suspicious IP throttling are security mechanisms provided by Auth0 that check the integrity for end-user accounts and are not specifically designed for M2M requests.

However, to check against suspicious requests when using the Client Credential Grant you can View Logs directly from the Auth0 Dashboard and check for feccft event type codes for Failed exchange of Access Token for a Client Credentials Grant.

Another way to check against possible suspicious or failed requests in the M2M scenario would be implementing logic in a credentials-exchange Action Trigger, since this takes place before an Access Token was issued. You can check out the Machine to Machine Trigger documentation.

Best regards,
Remus
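
An added example (not part of the original reply and not Auth0's own code) of the log check described above: it scans exported tenant log events for `feccft` entries and flags any source IP with a burst of failed Client Credentials exchanges. The field names `type`, `date`, `ip` and `client_id` follow Auth0 log events; the sample events, the 60-second window and the threshold of 5 are constructed assumptions.

```javascript
// Helper that builds constructed sample events (not real tenant data).
const mk = (type, sec, ip, client_id) => ({ type, ip, client_id,
  date: new Date(Date.UTC(2024, 0, 10, 10, 0, sec)).toISOString() });

const SAMPLE_LOGS = [
  mk("feccft", 0, "203.0.113.7", "clientA"),
  mk("feccft", 8, "203.0.113.7", "clientA"),
  mk("feccft", 15, "203.0.113.7", "clientB"),
  mk("seccft", 20, "203.0.113.7", "clientA"),    // successful exchange, ignored
  mk("feccft", 400, "198.51.100.20", "clientC"),
  mk("feccft", 31, "203.0.113.7", "clientB"),
  mk("feccft", 44, "203.0.113.7", "clientA"),
  mk("feccft", 50, "203.0.113.7", "clientA"),
  mk("feccft", 5, "198.51.100.20", "clientC"),   // arrives out of order
  mk("feccft", 130, "203.0.113.7", "clientA"),
];

// Assumed policy: `threshold` or more failures from one IP within `windowMs`.
function flagFailedExchanges(events, { windowMs = 60000, threshold = 5 } = {}) {
  const byIp = new Map();
  for (const e of events) {
    if (e.type !== "feccft") continue;           // failed client-credentials exchange only
    const t = Date.parse(e.date);
    if (Number.isNaN(t) || !e.ip) continue;      // skip malformed records
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push({ t, client: e.client_id });
  }
  const alerts = [];
  for (const [ip, hits] of byIp) {
    hits.sort((a, b) => a.t - b.t);              // exported logs may be unordered
    let start = 0;
    let best = null;
    for (let end = 0; end < hits.length; end++) {
      // Slide the window start forward until it spans at most windowMs.
      while (hits[end].t - hits[start].t > windowMs) start++;
      const count = end - start + 1;
      if (count >= threshold && (!best || count > best.count)) {
        const slice = hits.slice(start, end + 1);
        best = { ip, count,
          from: new Date(slice[0].t).toISOString(),
          to: new Date(hits[end].t).toISOString(),
          clients: [...new Set(slice.map((h) => h.client))] };
      }
    }
    if (best) alerts.push(best);                 // densest burst per IP
  }
  return alerts.sort((a, b) => b.count - a.count);
}
```

Each alert carries the densest burst for that IP and the client IDs it targeted, which helps separate one misconfigured client from guessing across several.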
