
Incorrect information on how to avoid being rate-limited from auth0

Open alejurwal opened this issue 4 years ago • 1 comments

I'm submitting a...

[X] Bug report
[ ] Content update
[ ] Process update (build, deployment, ... )

Type of bug / changes

On a Cypress documentation page related to Auth0 (https://docs.cypress.io/guides/testing-strategies/auth0-authentication#Auth0-Rate-Limiting-Logins), it is mentioned that a 20 times per minute login as the same user from the same location will trigger a rate limit (this is true). Right after that, it is said "If you run into this rate limit, a programmatic approach can be added to the loginByAuth0 command to clear a blocked IP prior to the test run.": no, that rate limit will not trigger any Anomaly Detection IP block and you cannot really remove the rate limit trigger. It is a rate limit, it is not a block. There's nothing you can do to remove this limit once it has been imposed. You need to wait until you are not rate-limited.

In general, you can avoid being rate limited. All you have to do is to abide by our Rate Limits Policy (https://auth0.com/docs/support/policies/rate-limit-policy), which in technical terms means to programmatically review HTTP response headers and handle rate limitations in code as documented here: https://auth0.com/docs/support/policies/rate-limit-policy#review-http-response-headers

Alejandro Jurado Walls - Developer Support Engineer at Auth0.

alejurwal, Sep 21 '21 22:09
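One way to act on the response headers the issue above refers to, as an added example that is not part of the issue or of the Cypress or Auth0 code. It assumes the `x-ratelimit-remaining` and `x-ratelimit-reset` (UNIX seconds) headers described in Auth0's rate limit policy; the function names, the 60-second fallback and the sample responses are hypothetical.

```javascript
// Added example: work out how long a test run must wait before the next
// Auth0 login call, instead of trying to "clear" the rate limit.

// Case-insensitive header lookup on a plain headers object.
function header(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  if (key === undefined) return undefined;
  const value = headers[key];
  return Array.isArray(value) ? value[0] : value;
}

// Returns { limited, waitMs }:
//   limited - the request was rejected with HTTP 429
//   waitMs  - how long to pause before sending the next request
function rateLimitDelay(response, nowMs = Date.now(), fallbackMs = 60000) {
  const remaining = Number.parseInt(header(response.headers, 'x-ratelimit-remaining'), 10);
  const resetSec = Number.parseInt(header(response.headers, 'x-ratelimit-reset'), 10);
  const limited = response.status === 429;

  // Budget left (or no rate-limit headers on a successful call): no pause.
  if (!limited && remaining !== 0) return { limited, waitMs: 0 };

  // Throttled or budget exhausted, but no usable reset time: use the fallback.
  if (!Number.isFinite(resetSec)) return { limited, waitMs: fallbackMs };

  // Wait until the reset timestamp; never return a negative delay.
  return { limited, waitMs: Math.max(0, resetSec * 1000 - nowMs) };
}

// Constructed sample responses (not captured from a real tenant).
const NOW_MS = 1632262000000;
const samples = [
  { status: 200, headers: { 'X-RateLimit-Remaining': '5', 'X-RateLimit-Reset': '1632262030' } },
  { status: 200, headers: { 'x-ratelimit-remaining': '0', 'x-ratelimit-reset': '1632262030' } },
  { status: 429, headers: { 'x-ratelimit-remaining': '0', 'x-ratelimit-reset': '1632262030' } },
  { status: 429, headers: {} },
];
for (const res of samples) {
  console.log(res.status, rateLimitDelay(res, NOW_MS));
}
```

In a Cypress command, the same function can be applied to the response of `cy.request` made with `failOnStatusCode: false`, pausing with `cy.wait(waitMs)` before retrying.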

@alejurwal Ok I'll be filing a PR

akashshyamdev, Sep 25 '21 16:09