Replies: 2 comments 1 reply
-
|
I think you should implement this at a higher level, not in Limiting in the authorize callback seems like it wouldn't really solve the issue, and your application could still suffer in terms of performance. |
Beta Was this translation helpful? Give feedback.
-
|
@Baterka this has been added in authorize(credentials, req /*<-- new*/) |
Beta Was this translation helpful? Give feedback.
-
|
Can you elaborate on that a little bit more? or point to some form of documentation? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I have trouble with implementing IP rate limitation for Credentials provider (https://next-auth.js.org/providers/credentials). It is applicable to any other provider also.
I cannot find a way to retrieve the Request object in
authorizemethod to implement such a system.My app is getting a ton of false attempts even I am using ReCAPTCHA so I want to mitigate this with an IP-based rate limiter.
Beta Was this translation helpful? Give feedback.
All reactions