Auth0 Home Blog Docs

Why account is blocked if it doesn't use email/password connection?




I’ve run into strange behaviour of Auth0…

User signed-up with Social connection(facebook). Facebook account is registered for
’’ email.
Auth0 created account for user

  user_id facebook|164.....
      "provider": "facebook",
      "user_id": "164....",
      "connection": "facebook",
      "isSocial": true

Looks OK so far.

Then user tired to sign-in using email/password connection, and used the same email address which is used by Facebook(
After 10 failed login attempts Auth0 started returning “Your account has been blocked after multiple consecutive login attempts.” error and added the following to user’s account:


    "identifier": "",
    "connection": "Username-Password-Authentication",
    "ip": "xx.xx.xx.xx"

No “Blocked Account Email” has been sent.

Then user tired to sign-in with facebook - logged in fine.

So, why Auth0 marks account as “blocked” if it’s not actually blocked,
and looks like that account cannot be blocked cause uses only social connection(no email/password connection)?