We are sending the end-user IP via the header
auth0-forwarded-for as documented at https://auth0.com/docs/api-auth/tutorials/using-resource-owner-password-from-server-side.
Everything works fine, I can see that the brute force protection is reading the right IP address (dashboard -> user profile -> blocked_for)
However, when I try to access the IP in a Rule with
context.request.ip, I still get the IP of our server. Is there a way to get the end-user IP?
I was also surprised (and confused) to see that the dashboard (“users” and “logs” sections) are also showing the server IP instead of the end-user IP.
Thanks in advance,