Replies: 2 comments 1 reply
-
|
I think you should implement this at a higher level, not in Limiting in the authorize callback seems like it wouldn't really solve the issue, and your application could still suffer in terms of performance. |
Beta Was this translation helpful? Give feedback.
-
|
@Baterka this has been added in authorize(credentials, req /*<-- new*/) |
Beta Was this translation helpful? Give feedback.
-
|
Can you elaborate on that a little bit more? or point to some form of documentation? |
Beta Was this translation helpful? Give feedback.
-
I have trouble with implementing IP rate limitation for Credentials provider (https://next-auth.js.org/providers/credentials). It is applicable to any other provider also.
I cannot find a way to retrieve the Request object in
authorizemethod to implement such a system.My app is getting a ton of false attempts even I am using ReCAPTCHA so I want to mitigate this with an IP-based rate limiter.
Beta Was this translation helpful? Give feedback.
All reactions