Lockout Policy

A simple client-side lockout policy can be enabled on the web components just with a single attribute:

enable-lockout or enableLockout Setting this attribute to true will enable the lockout policy with the default configuration.

To change the lockout policy configuration the lockout-options or lockoutOptions object can be set, it is an object which has the following structure:

Key

Type

Default Value

Explanation

time

number

5 minutes in ms

The amount of time the user is going to be locked out for after reaching the maximum number of failed attempts.

tolerance

number

The amount of attempts that the user has to fail in a row to be locked out.

This lockout policy is client-side meaning that it can be bypassed quite easily, but it should suffice as a first layer of protection against less tech savvy users. We plan to have server-side lockout policy in the near future.

Last updated 6 months ago

Was this helpful?