Lockout Policy

A simple client-side lockout policy can be enabled on the web components just with a single attribute:

  • enable-lockout or enableLockout Setting this attribute to true will enable the lockout policy with the default configuration.

To change the lockout policy configuration the lockout-options or lockoutOptions object can be set, it is an object which has the following structure:

Key

Type

Default Value

Explanation

time

number

5 minutes in ms

The amount of time the user is going to be locked out for after reaching the maximum number of failed attempts.

tolerance

number

5

The amount of attempts that the user has to fail in a row to be locked out.

This lockout policy is client-side meaning that it can be bypassed quite easily, but it should suffice as a first layer of protection against less tech savvy users. We plan to have server-side lockout policy in the near future.

Last updated