Not sure what’s going on here, but I have a user who can’t log in due to “multiple consecutive login attempts”.
However, they’re not getting the brute force block email even though their email is verified, and there doesn’t seem to be a way to unblock via UI (which, tbh, is a pretty big miss).
The logs don’t show any failed login attempts except for 1 where I tried on purpose just to see what was going on. The rest of the user history messages show successful password resets and whatnot.
I’m able to login successfully to this user’s account from my computer (different IP), which suggests to me that this is brute force IP block related. However, even after turning off the brute force protection, the user is still getting the same “blocked after multiple consecutive login attempts” message.
Without digging into the API calls to try and fix this, what would be the next steps I can try to give this user access and unblock them?
The user has reset their password multiple times. This means they are receiving Auth0 emails — just not the unblock email(s).
I’m looking for a non-API solution (which, as a side note, is poor form here and really should have a UI mechanism for addressing).
I’m not even sure this is really a brute force protection issue since there were no failed password attempts in the user history other than my own intentional wrong password attempt to see if it was showing up in the logs. Also — I disabled brute force protection and the user was still getting this error.
No logs for the user (other than your one attempt to login with theirs credentials) is a lead. Based on data you provided in the support ticket, I can see that you tested the user’s credentials to log in to app integrated with a tenant: dexxxxxx-1xx1mexxx@us while the user attempted to log in to app integrated with tenant: wyxxxmexxxsxxxxxns@us (you can verify logs there to see all their login attempts like “failed change password requests” and “blocked account”) - here the user has no account created.