https://supertokens.com/ logo
#support-questions
Title
# support-questions
r

rp

01/12/2022, 5:25 AM
@User as per your question about adding a lockout functionality, here is how you can implement it: https://gist.github.com/rishabhpoddar/6fe2b98ac1e09aafcba4a7307027097e - You will need to implement
isLockedOut
,
clearLoginAttemptCount
,
getLoginAttemptCount
,
lockOutEmail
and
setLoginAttemptCount
to talk to your own db. - The
isLockedOut
function will return
true
if the email is locked and it's been <= 10 mins since the email was locked (as per your requirement). - Sending
WRONG_CREDENTIALS_ERROR
if
isLockedOut
, will display that the entered credentials are incorrect on the frontend. This might be the best thing to do from a security point of view, but you can also throw an error and catch it in your own app error handler and then send a custom response to the frontend. - You can even override other functions like
createResetPasswordToken
to check if the email is locked out and if it is, then prevent the user from doing a password reset flow.