Attack Protection - Auth0 Go SDK

Attack Protection provides security features to protect your Auth0 tenant from common attacks like brute force, breached password detection, and suspicious IP throttling.

Overview

The Attack Protection API is organized into sub-clients:

BotDetection - Configure bot detection settings
BreachedPasswordDetection - Manage breached password detection
BruteForceProtection - Configure brute force protection
Captcha - Manage CAPTCHA settings
SuspiciousIPThrottling - Configure suspicious IP throttling

Accessing Attack Protection

// Access attack protection clients
client.Management.AttackProtection.BotDetection
client.Management.AttackProtection.BreachedPasswordDetection
client.Management.AttackProtection.BruteForceProtection
client.Management.AttackProtection.Captcha
client.Management.AttackProtection.SuspiciousIPThrottling

Bot Detection

Manage bot detection settings to identify and block automated attacks.

Get Bot Detection Settings

settings, err := client.Management.AttackProtection.BotDetection.Get(
    context.TODO(),
)
if err != nil {
    log.Fatalf("Failed to get bot detection settings: %v", err)
}

fmt.Printf("Bot detection enabled: %v\n", settings.GetEnabled())

Update Bot Detection Settings

import "github.com/auth0/go-auth0/v2/management"

update := &management.UpdateBotDetectionRequestContent{
    Enabled: management.Bool(true),
}

updated, err := client.Management.AttackProtection.BotDetection.Update(
    context.TODO(),
    update,
)
if err != nil {
    log.Fatalf("Failed to update bot detection: %v", err)
}

Breached Password Detection

Detect and prevent the use of passwords that have been exposed in known data breaches.

Get Breached Password Detection Settings

settings, err := client.Management.AttackProtection.BreachedPasswordDetection.Get(
    context.TODO(),
)
if err != nil {
    log.Fatalf("Failed to get settings: %v", err)
}

fmt.Printf("Breached password detection enabled: %v\n", settings.GetEnabled())
fmt.Printf("Method: %s\n", settings.GetMethod())

Update Breached Password Detection Settings

update := &management.UpdateBreachedPasswordDetectionRequestContent{
    Enabled: management.Bool(true),
    Method: management.String("standard"),
    AdminNotificationFrequency: []string{"immediately"},
}

updated, err := client.Management.AttackProtection.BreachedPasswordDetection.Update(
    context.TODO(),
    update,
)
if err != nil {
    log.Fatalf("Failed to update settings: %v", err)
}

Brute Force Protection

Protect against brute force attacks by limiting failed login attempts.

Get Brute Force Protection Settings

settings, err := client.Management.AttackProtection.BruteForceProtection.Get(
    context.TODO(),
)
if err != nil {
    log.Fatalf("Failed to get settings: %v", err)
}

fmt.Printf("Enabled: %v\n", settings.GetEnabled())
fmt.Printf("Max attempts: %d\n", settings.GetMaxAttempts())

Update Brute Force Protection Settings

update := &management.UpdateBruteForceProtectionRequestContent{
    Enabled: management.Bool(true),
    MaxAttempts: management.Int(10),
    Shields: []string{"block", "user_notification"},
    AllowList: []string{"192.168.1.1", "10.0.0.0/8"},
}

updated, err := client.Management.AttackProtection.BruteForceProtection.Update(
    context.TODO(),
    update,
)
if err != nil {
    log.Fatalf("Failed to update settings: %v", err)
}

CAPTCHA

Manage CAPTCHA requirements for authentication flows.

Get CAPTCHA Settings

settings, err := client.Management.AttackProtection.Captcha.Get(
    context.TODO(),
)
if err != nil {
    log.Fatalf("Failed to get CAPTCHA settings: %v", err)
}

fmt.Printf("Provider: %s\n", settings.GetProvider())

Update CAPTCHA Settings

update := &management.UpdateCaptchaRequestContent{
    Provider: management.String("recaptcha_v2"),
    SiteKey: management.String("your-site-key"),
    SecretKey: management.String("your-secret-key"),
}

updated, err := client.Management.AttackProtection.Captcha.Update(
    context.TODO(),
    update,
)
if err != nil {
    log.Fatalf("Failed to update CAPTCHA settings: %v", err)
}

Suspicious IP Throttling

Throttle requests from IP addresses that exhibit suspicious behavior.

Get Suspicious IP Throttling Settings

settings, err := client.Management.AttackProtection.SuspiciousIPThrottling.Get(
    context.TODO(),
)
if err != nil {
    log.Fatalf("Failed to get settings: %v", err)
}

fmt.Printf("Enabled: %v\n", settings.GetEnabled())

Update Suspicious IP Throttling Settings

update := &management.UpdateSuspiciousIPThrottlingRequestContent{
    Enabled: management.Bool(true),
    Shields: []string{"block", "admin_notification"},
    AllowList: []string{"192.168.1.1"},
}

updated, err := client.Management.AttackProtection.SuspiciousIPThrottling.Update(
    context.TODO(),
    update,
)
if err != nil {
    log.Fatalf("Failed to update settings: %v", err)
}

Complete Example

package main

import (
    "context"
    "fmt"
    "log"
    "os"

    "github.com/auth0/go-auth0/v2/management"
)

func main() {
    client, err := management.New(
        context.TODO(),
        os.Getenv("AUTH0_DOMAIN"),
        management.WithClientCredentials(
            os.Getenv("AUTH0_CLIENT_ID"),
            os.Getenv("AUTH0_CLIENT_SECRET"),
        ),
    )
    if err != nil {
        log.Fatalf("Failed to create client: %v", err)
    }

    // Enable all attack protection features
    ctx := context.TODO()

    // Enable bot detection
    _, err = client.Management.AttackProtection.BotDetection.Update(ctx, &management.UpdateBotDetectionRequestContent{
        Enabled: management.Bool(true),
    })
    if err != nil {
        log.Fatalf("Failed to enable bot detection: %v", err)
    }

    // Enable breached password detection
    _, err = client.Management.AttackProtection.BreachedPasswordDetection.Update(ctx, &management.UpdateBreachedPasswordDetectionRequestContent{
        Enabled: management.Bool(true),
        Method: management.String("standard"),
    })
    if err != nil {
        log.Fatalf("Failed to enable breached password detection: %v", err)
    }

    // Enable brute force protection
    _, err = client.Management.AttackProtection.BruteForceProtection.Update(ctx, &management.UpdateBruteForceProtectionRequestContent{
        Enabled: management.Bool(true),
        MaxAttempts: management.Int(10),
    })
    if err != nil {
        log.Fatalf("Failed to enable brute force protection: %v", err)
    }

    fmt.Println("All attack protection features enabled successfully")
}

Best Practices

Enable Multiple Layers - Use multiple attack protection features together for defense in depth
Monitor Logs - Regularly review security logs to identify attack patterns
Test Changes - Test attack protection settings in a development environment first
Maintain Allow Lists - Keep IP allow lists up to date to prevent blocking legitimate traffic
Configure Notifications - Set up admin notifications for security events

Security Best Practices
Anomaly Detection
Logs - View security event logs

​Overview

​Accessing Attack Protection

​Bot Detection

​Get Bot Detection Settings

​Update Bot Detection Settings

​Breached Password Detection

​Get Breached Password Detection Settings

​Update Breached Password Detection Settings

​Brute Force Protection

​Get Brute Force Protection Settings

​Update Brute Force Protection Settings

​CAPTCHA

​Get CAPTCHA Settings

​Update CAPTCHA Settings

​Suspicious IP Throttling

​Get Suspicious IP Throttling Settings

​Update Suspicious IP Throttling Settings

​Complete Example

​Best Practices

​Related Resources