I am using Okta idx @okta/okta-auth-js version 7.3.0 and Okta’s identity engine. I have the authenticator enrollment password policy checked with “Show lock out failures” and “Lock out user after 5 unsuccessful attempts”.
When I try to authenticate a user with incorrect credentials, I get nextSteps with challenge-authenticator and inputs as password. I never get the count or message as to user has been locked out of their account due to too many failed login attempts
Hello,
It could be that if you have two password authenticator policies both set to the same group (everyone), and one allows showing the lockout failure and the other does not that you would end up not getting the lockout message returned from the backend.
Thank You,