Skip to content

fix: add 'too_many_attempts' to error codes in logInError function #2718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ankita10119 merged 1 commit into from
Jan 20, 2026
Merged

fix: add 'too_many_attempts' to error codes in logInError function #2718

ankita10119 merged 1 commit into from
Jan 20, 2026

Conversation

@ankita10119
Copy link
Contributor

@ankita10119 ankita10119 commented Jan 16, 2026
edited
Loading

Changes

Fixes issue #2589 where the authorization_error event was not being emitted when users trigger rate limiting by attempting too many failed logins.

Problem

When Auth0's brute force protection triggers and returns a too_many_attempts error (HTTP 429), Lock was not emitting the authorization_error event. This prevented applications from handling rate limiting errors gracefully through the event listener.

The error code too_many_attempts was missing from the whitelist array that determines which error codes should trigger the authorization_error event.

Solution

Added 'too_many_attempts' to the errorCodesThatEmitAuthorizationErrorEvent array in src/core/actions.js

This ensures that when rate limiting is triggered, applications can now handle it properly:

lock.on('authorization_error', function(error) {
  if (error.error === 'too_many_attempts') {
    // Show custom message to user
  }
});

References

Closes #2589

Testing

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of the platform/language

Checklist

@ankita10119 ankita10119 requested a review from a team as a code owner January 16, 2026 16:44
@ankita10119
Copy link
Contributor Author

ankita10119 commented Jan 16, 2026
edited
Loading

Before

Screen.Recording.2026-01-16.at.9.49.42.PM.mov

After

Screen.Recording.2026-01-16.at.9.52.29.PM.mov

@ankita10119 ankita10119 merged commit 0a6071c into master Jan 20, 2026
5 checks passed
@ankita10119 ankita10119 deleted the SDK-7525 branch January 20, 2026 12:22
This was referenced Jan 20, 2026
Closed
Merged
ankita10119 added a commit that referenced this pull request Jan 21, 2026
@ankita10119
Release v14.2.4 (#2721)
34c8f68 
**Fixed**
- fix: update className and InputWrap name in SelectInput component
(#2534) [\#2719](#2719)
([ankita10119](https://github.com/ankita10119))
- fix: handle undefined and empty domain values in HRD screen (#2526)
[\#2720](#2720)
([ankita10119](https://github.com/ankita10119))
- fix: add 'too_many_attempts' to error codes in logInError function
[\#2718](#2718)
([ankita10119](https://github.com/ankita10119))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yogeshchoudhary147 yogeshchoudhary147 yogeshchoudhary147 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"authorization_error" event is not triggering the "too_many_attempts" error

3 participants

@ankita10119 @yogeshchoudhary147