REJack

That's a really great idea, I've never thinked about this but that is would be a great enhancement for Aauth.

> First of all: its not really a "DDOS"-protection. Its bascially just a Brute-Force protection preventing people from trying to call the login-function hundreds of times with different passwords/usernames. But...

@perenstrom I named some commit with `rc` but it was a mistake by me 😅 It's definitely a alpha 😄

@hersag You can stick with V2 but with BCrypt (`use_password_hash` on `true`), if V3 is ready i'll create a detailed documentation for easy upgrade. I have at the moment much...

@andacata how you mean this?

@andacata & @tswagger i agree on this too, its a nice idea 😄 I'll add this to the list later.

I agree with this but i gone change this in v3.0.0

What should the maintenance mode do or change?

I think it would be better to create a config option to allow login only for admins.

I'll add this feature with v3.0.0